140 matches found
Malicious Package
Overview uipath-ui-widgets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm...
Malicious code in @uipath/widget.sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e72fd5223273f42c47db6b5b8217e2cdce8589d9cf9545621606c249facc6ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3587 Malicious code in @uipath/widget.sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e72fd5223273f42c47db6b5b8217e2cdce8589d9cf9545621606c249facc6ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3586 Malicious code in @uipath/vss (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfeb2de2eaeb02a5d8f7ce7edf48891f2dad988fb8fd5ed5b26e7c7118f3c9cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/vss (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfeb2de2eaeb02a5d8f7ce7edf48891f2dad988fb8fd5ed5b26e7c7118f3c9cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3584 Malicious code in @uipath/uipath-python-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 465b4e4f63672a795258fa84f389a2194ac5052990b98799381806b2cc286069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/uipath-python-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 465b4e4f63672a795258fa84f389a2194ac5052990b98799381806b2cc286069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/ui-widgets-multi-file-upload (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11925b121ae53cf0e735a083521dcd0dbea2b475fedf3ff4e66e4cfac9d7bbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/traces-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4875a66ac70789891a0be8418fb640e648e30654ea5f5d3a8f5f7b9760f70e93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3582 Malicious code in @uipath/traces-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4875a66ac70789891a0be8418fb640e648e30654ea5f5d3a8f5f7b9760f70e93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/tool-workflowcompiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3d8dc9fffc67cc51e878ac570f9d6caaa0aa46dda429476e70d45e1c3b38d28b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3581 Malicious code in @uipath/tool-workflowcompiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3d8dc9fffc67cc51e878ac570f9d6caaa0aa46dda429476e70d45e1c3b38d28b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/test-manager-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f31efe85854bdd27afe6808efd0ba0008d127f32a645708688158673d2be586e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3580 Malicious code in @uipath/test-manager-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f31efe85854bdd27afe6808efd0ba0008d127f32a645708688158673d2be586e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/telemetry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d05751804316999a3882b1e43e61e9b9844220d8994bdc3d9dcfa25edd5a3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3579 Malicious code in @uipath/telemetry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d05751804316999a3882b1e43e61e9b9844220d8994bdc3d9dcfa25edd5a3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@uipath/project-packager (>=1.1.10 <=1.1.15), @uipath/solution-packager (>=0.0.30 <=0.0.34) potentially affected by unknown CVE via @uipath/solutionpackager-tool-core (>=0.0.31 <=0.0.33)
@uipath/solutionpackager-tool-core NPM version =0.0.31, =1.1.10, =0.0.30, =0.0.34 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3577...
MAL-2026-3577 Malicious code in @uipath/solutionpackager-tool-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11eac97c9e1f9a26a36eb6395e45d059f5821d47b84fd3f90b62d0c5f6698b96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/solutionpackager-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64274b915ff6e2c5965c334cc5b2a7dca56efe8c3021c83e45d0269a9391345f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...