69 matches found
Malicious code in @cw-ui/micro-ui-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b558c8d90850ea9817e236b445ba2bc1020a35a81a099a5e1575ef705b00bd39 On npm install, postinstall.js reads the installer's hostname via os.hostname and sends it as a query parameter to a hardcoded bare-IP HTTP endpoint:...
27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens
A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks...
CLEANSTART-2026-VU90450 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-64715, CVE-2025-68119, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33726 applied in versions: 0.13.3-r0, 0.13.3-r1
Multiple security vulnerabilities affect the hubble-ui package. These issues are resolved in later releases. See references for individual vulnerability details...
10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3276 more potentially affected by CVE-2026-45740 via protobufjs (>=7.0.0 <=7.5.6)
protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...
Malicious Package
Overview @ikeacn/ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-462 Malicious code in @ikeacn/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d77c56bdcd5f8b143de093a7fadd0d3c1c3cb5f06320a636c13438b58ebd68b2 The package @ikeacn/ui was found to contain malicious code. Source: ghsa-malware 36d82d92933643ae45e15ad2306059f66a4c3c1bfb998555c0356bc7eca5aa33 Any...
Malicious Package
Overview chakra-ui-2--styled-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview chakra-ui-2--react-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2026-3083
Malicious code in chakra-ui-2--react npm...
GHSA-PG5P-WWP8-97G8 vulnerabilities
Vulnerabilities for packages: hubble-ui...
CVE-2025-64715 vulnerabilities
Vulnerabilities for packages: hubble-ui, hubble-ui-backend-fips...
GHSA-38PP-6GCP-RQVM vulnerabilities
Vulnerabilities for packages: hubble-ui, hubble-ui-backend-fips...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the redirecturl parameter when url.Parse....IsAbs is false. An attacker can redirect users to malicious sites by supplying a protocol-relative URL with an empty scheme, which is improperly validated and allows...
MAL-2025-190619 Malicious code in hyatt-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45791aa99b3cab0aaa98d1564ffb2226c039f7e31723b2b4e6033d482e1ad3d6 The package hyatt-ui was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2025-198555
Malicious code in sentry-ui npm...
MAL-2025-190614 Malicious code in sentry-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10b344e30280f8d412e7bb23ee828cea19637206f94ef992a20c372957c53b32 The package sentry-ui was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in chakra-ui-ophiuchus-sublimation-readable (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f618e732db8d3ff69334d6194da83ee2d0ecd8d2a83ac60310bfeae1aa6068 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186086 Malicious code in chakra-ui-ethology-biomimicry-superflare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ec1a6bd4839590111dd4aee2301174b7baaaf80bc633899c529eda7de74071c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186713 Malicious code in element-ui-fermiparadox-carpo-orogeny (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6743a0059c55715c9eb684a714dfa0ccb855380d2eaaf67d88ce2f24837134be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-122073
Malicious code in semantic-ui-kaus-install-centaurus npm...