116 matches found
MAL-2025-192223 Malicious code in elf-stats-nutmeg-cocoa-967 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec53b5235707d735ff1bece95ce8c4e95266aca2f088ceb1460b2c686ca4616d The package elf-stats-nutmeg-cocoa-967 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in wfui-test-e2e (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f560542e2d2fa22d83add8cd46675e252d841fe3b08edfd847677a98547e86a7 The package wfui-test-e2e was found to contain malicious code. Source: ghsa-malware 3440ad1d2e090dbea33cc7a6b8e4cda047b6e20b31fc8bbd3d9e13b1f1758c56...
MAL-2025-190626 Malicious code in vue3-transpiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61eaca42a219c9b161768c7938d34f6bc4d6e169c5ae43e88acf7a8a70be537b The package vue3-transpiler was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190608 Malicious code in o2-modal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12445272ee24c376909e302bc2f4fe2c23af7aae5479ca74493a57adcdd4f028 The package o2-modal was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190603 Malicious code in airbnb-phoenix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a37ecd19e914e8801e6398f69fea68500fc8c985d6bff3dc5613aaf0ea09692 The package airbnb-phoenix was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @ra-ide/ld-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aec551eb9431424b0e79cb127427880ebd5c21b9deb2b8d4a378fb650fb45a84 The package @ra-ide/ld-frontend was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in node-calculator-1b6e (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9836f0c7c84a6804c063c9e845dd05381413f1c6c9fe2b6d8e1d70473a80a456 The package node-calculator-1b6e was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-48948 Malicious code in haedal-vaults-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4cdc575f935d62b37b17082181381a8002b5784fedda1dfc854ef2f74f39edf6 The OpenSSF Package Analysis project identified 'haedal-vaults-sdk' @ 1.6.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-48526 Malicious code in taxify-work-profile (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46f9db2231e68ebc03c3b566274d3bd3c0d6510f29c5eec6c83c1fa41806009a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-46955 Malicious code in monolith-twirp-pages-pagesdeployerapi (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 73a08935b8c380f8b7bb77b1d747d25a9af720bd5d30e375a9acc79ca14b82bd The OpenSSF Package Analysis project identified 'monolith-twirp-pages-pagesdeployerapi' @ 1.9.8 rubygems as malicious. It is considered maliciou...
Malicious code in invalid-polyfill-boundary (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0fbf998b1c11f6a785806e2ab4f0bbbc4da9a95e803f643a497d41215484a11d The OpenSSF Package Analysis project identified 'invalid-polyfill-boundary' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
MAL-2025-41262 Malicious code in fb_helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd02d94679b40d95c81b651a29666a45452deabc83d8e33032104032eef13261 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mint-backend (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13804e154bae1eba072cd15e94a81c7d0e03e959552fd66f99f4c9de162b2db2 The OpenSSF Package Analysis project identified 'mint-backend' @ 2.0....
MAL-2025-6924 Malicious code in electron-test-main (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 64731d49ad099a9f118a9485fb5568a4f594576ed888e0bb96f7f278853ec158 The OpenSSF Package Analysis project identified 'electron-test-main' ...
MAL-2025-6812 Malicious code in eslint-plugin-react_editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 091ef657bc115b400dc3d8cd65691df53caef85fa307f52d627aac4d50120a77 The OpenSSF Package Analysis project identified 'eslint-plugin-reacteditor' @ 71.71.72 npm as malicious. It is considered malicious because: - T...
Malicious code in flatfox-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1abb243ceb7b5b94ca2f950d7cf27838ad4c22bc9771a0ea878af5497bfebf2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in everestsystems-content-core (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b1e36c55069fe1374c19441b5e3cbabd0ba1bc120d2d1651dd5570157a8a9c57 The OpenSSF Package Analysis project identified...
CVE-2021-27961
creationtimestamp | type | source
---|---|---
2025-07-09 17:00:33+00:00 | seen | https://gist.github.com/phlmox/c24bf28f12fbc0f2ea73dd9e8cfa94e3...
Malicious code in buzzwordcrm (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 940f87e50ab955b94dc0592711a21d19b9c1c962229c927531aef0816bf7ae2a Any computer that has this package installed or running should be considered...
Malicious code in @seo-frontend-components/card-blog-carousel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1cfcc9a2754a9e96e7bfd7f7c78281a5016b48feeaa8c61f782bcab5dbe4ae8e The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel' @ 1.999.0 npm as malicious. It is considered...