security-advisories
Security Advisories Public write-ups and PoCs for CVEs I've d...
MAL-2026-3187 Malicious code in apple-appstore-full-library-utility (npm)
Source: amazon-inspector 7c81abc0b0ca85dceebddbddb78e6e2d6d05f87331f11b9a1190ad29d10adb4a The package apple-appstore-full-library-utility was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3189 Malicious code in react-video-canvas (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3140 Malicious code in fivem-monitor (npm)
Source: amazon-inspector 46a604a0acf84f672e7a3235e103f365f9d9f704c96faa12dcb5b9b0a9806004 The package fivem-monitor was found to contain malicious code. Source: ghsa-malware bea91e9a2c853e88f029684fb53cecc15f1960b1ccafb583b1da52a754f9ee4d...
Malicious code in @apiary-annex/title (npm)
Source: amazon-inspector a21d55a19694bb77a748bff53e74597f9c1ed88df95f421975af40efe38a4183 The package @apiary-annex/title was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3055 Malicious code in @apple-pay-trust/validate-merchant (npm)
Source: amazon-inspector 04e899c9f267696289778cbf0c2c4f8da289e47bb3bce95ffa4fa4e3fe290722 The package @apple-pay-trust/validate-merchant was found to contain malicious code. Source: ghsa-malware...
Malicious code in apollo-landing (npm)
Source: amazon-inspector 47cb6abcb11f6d62fb52ef331d93bf4c2d5faacb9a4f91386aa6fb06e03b7bef The package apollo-landing was found to contain malicious code. Source: ghsa-malware ed937449ad5ded3d0430063ec8da96faa5c685d89f612418710856e92d1b6438...
OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures
OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems...
MAL-2026-2553 Malicious code in paysafe-payments-sdk-common (npm)
Source: amazon-inspector e93e9be8a06ed53e5f7b88d33e9f020bf96f51c343c2ffe9bd620bc498c011bf The package paysafe-payments-sdk-common was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2493 Malicious code in cloudera-poc (npm)
Source: amazon-inspector 24e0a829db4a908047174ccb540d590c9df780c994d9ecc1b1705247f89612de The package cloudera-poc was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in bytefrontier-tracker (npm)
Source: amazon-inspector a556a5a46fe4be2c1c7662a6481c9086b192375a17d4dcdccfbe52564ed78571 The package bytefrontier-tracker was found to contain malicious code. Source: ghsa-malware...
Securing the open source supply chain across GitHub
Over the past year, a new pattern has emerged in attacks on the open source supply chain. Attackers are focusing on exfiltrating secrets like API keys in order to both publish malicious packages from an attacker-controlled machine as well as gain access to more projects in order to propagate the...
Malicious code in bos-decoration-elements (npm)
Source: amazon-inspector 8cb5985779c5099333bec5b084b209c36dea0dd9fa47ef2c2d7c3630c33daaa5 The package bos-decoration-elements was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2123 Malicious code in yelp-mobile-site-common (npm)
Source: amazon-inspector 4ad1d645e8b5f71c1d74bd3c213319d6674345796d462ed0e53a87c084f07a84 The package yelp-mobile-site-common was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2022 Malicious code in @mesh-components/card (npm)
Source: amazon-inspector 3c96d53100e05047008977d25b2800e9da6e1d83f42874dcf6be5ed4144d3d83 The package @mesh-components/card was found to contain malicious code. Source: ossf-package-analysis...
CVE-2019-25555
creationtimestamp | type | source
---|---|---
2026-03-21 14:58:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhlc7cvqy32e...
Malicious code in delphoi (npm)
Source: amazon-inspector 72f68bb459a4772a75900ddec7e0a918b514f2211a2303aa80ef82252078e3b6 The package delphoi was found to contain malicious code. Source: ossf-package-analysis c15c8182b6e392861478887a08b04eb8fecc38b70000313dfaf1cad8ac8bc8...
CVE-2025-2399
creationtimestamp | type | source
---|---|---
2026-03-19 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-05...
Investing in the people shaping open source and securing the future together
Open source has always been about community. It's about maintainers who review pull requests late at night. Volunteers who respond to security reports from strangers. And communities that quietly power the world's software. The reality behind the commits is that maintainers get stretched thin. Th...
Malicious code in jslint-config (npm)
Source: amazon-inspector 11f2fdea43a54f2aac247e06fcc46c506979a5b1ccb5d178077662e61f747b74 The package jslint-config was found to contain malicious code. Source: ghsa-malware bddd0b74c730da3b118b7ef92befbc93b4b1379cc23ce7535e843151a84ae957...