MAL-2025-5391 Malicious code in discourse-mf (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 08376ea7d043c168bc4090d97de1318100b0b2ffb0600a3694a286b5c4b88dea Any computer that has this package installed or running should be considered...

MAL-2025-3893 Malicious code in how-sezzle-works (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8357087de81359973557c6bb5ec8ded0959d60d77dc8a8da4807ae8f57f9222a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3885 Malicious code in etherbundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71305511ac73c9c681a5abf765d127187bb45c8c2b946c2ce40afe03e408c0d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2478 Malicious code in you-test-test-vue (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13a9b3aed0c3abe33ee85f5fc9b7c0dd8020835cb6f1c038f1f6dd6822561a3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1257 Malicious code in presto-router-webui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5755c0de7cee5665001841d934d1285ebbf706e6d3ce52299f48c4ad8b9de88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-283 Malicious code in calypso-eslint-overrides (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04e56d5029c9f673038593248e7a19047892f45f4344d5a98af273acf9d2a358 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-167 Malicious code in bc-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ca742de853894958cf8e34ed10d1e17d9584d7b71e3513b533c66a7a207067 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-23209 Potential RCE with a compromised security key in craft/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...

MAL-2025-99 Malicious code in reactnativecreativekitdemoo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d947fc579794653736a44c851146ddc7e503173b00e1b3adf67c00ba851c5d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4013 Malicious code in jenkins-autoscaling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 407c23d17ae0216f76ee0044742748367bae6ab0464be5803730cd48a9b318d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...