MAL-2026-3897 Malicious code in @antv/f2-vue (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2025-4516 Malicious code in trip-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d2290ac829220daaf6f2242ec116548af3053789350c71da7b541e9d65a523f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4373 Malicious code in mbm-dgacha (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 584950211093c6cada6fd340d94a5749b3ee5e10049a6d57b9d3f1c494050fa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2313 Malicious code in freezelists (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50a6c5552bab08c7bd48024aaf770fee35eb596693593ec7d937909e6a672dea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1066 Malicious code in base-encryption (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1207f649c31fa807ecf3baa35f5f0226da4be187d7c3081ff90e449306df094c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10986 Malicious code in malicious_sleep_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99c56c5bd22f8ceb0fc4fb9fb6e616b108f88768dcd68a73feaaf4de3ea4ba2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8432 Malicious code in qlkube-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d87aacc83b4b0b0d9201968dc75c81eee7b94e2faa03aae434e083f3c825213 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8185 Malicious code in agopoweryea123 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca5c5e5ef3f588541558976ee86112900b01f69ca9fe775b740d12315b8ddd01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-1001 Malicious code in you-are-a-badass-at-making-money-master-the-mindset-of-wealth-by-jen-sincero-on-mac-new-version- (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b5634aadf214a3bea5b6bd447159f6599ce4b0f4ce9328869bf8cabeeb595f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-502 Malicious code in hk_780_usb_dental_camera_driver_ru (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d45a01a85d2757d5c44a11ec7dd5ed58af593ed07b79de8fafd1ce5528ae19d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-507 Malicious code in hsdjhfjsdhfhtest009 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7cb84bd15b4cb549b8153de1ef4c963f36744a7c8aa61bf6daac15df6a42995 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-988 Malicious code in yandex-meteo-flow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad598f1585a297ca8d20439b26fa25afb526a1f69cbdde3832e457b6daa6cf83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-446 Malicious code in flip-flop-flip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73ed465c7396500b2809d9e073ffd8d00d490dda63517a0efd9b02600b6e739f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-971 Malicious code in amll (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7776332e118bee2ea3709d76f0d17765c43c203bf54e6d901a009a8712cf7a92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1011 Malicious code in angularanijmate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee01c0313af27f4d1db2a8775c41ee14494e6240652b759acee95de631903fa6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1407 Malicious code in babel-plugin-transform-require-ensure (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 529ed1b6c6ad7d47d49ee5576dcf7cdf38c7f878d74115d4458fac45a6f45f6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3721 Malicious code in huddles-ui-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3319c27851b8cfa8d6047a0b7ee7ff6d85ec964f2945b9401c009fa225d42223 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-654 Malicious code in @tinkoff-react-bui/highlighter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f35ba0953c3d1b55af3ac66481e856e15f84300b58641282f67339e9fa1bbb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-564 Malicious code in @rnps-ppr/ppr-gensenjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de1eabd4ee5f5339554abfabfae3e80f874110a7d05e219a497290565be9c672 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2020-5264

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5...