225914 matches found
Malicious code in @vapi-ai/server-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in @cloudplatform-single-spa/monaas-ui (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @opensearch-project/opensearch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1668370f4091d14b4e74ad0e9b25c70ccbc5bf7fb7d97f535212ce2289e71347 The package @opensearch-project/opensearch was found to contain malicious code. Source: ghsa-malware...
Malicious code in ai-sdk-ollama (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in vite-babel-plugin-es6-promise (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19412e443845747fa7d9b029fb4b869a17e57e3fc01783407a17684f0e1ad1d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vscode-mssql (npm)
The package vscode-mssql was found to contain malicious code...
Malicious code in umap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f6dd42f96f818641d94fd4a2085dfd1071b6ce3fa44a3f05b785245ab4d1c886 Simple dependency confusion test. Versions before 0.1.2 do not perform any active action. The original umap package existed in the past, but was removed by the...
Malicious code in tailwindcss-basic-animation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa0cc72271b87587b2d58ff45625dfa9df9f8e4547b68096d359757e68b8946f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @antv/g2-brush (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in supabase (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ffc0b5a7cfe173533053ac607e28d5e000c963fc1fd706bd9eedf57902e11c1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @antv/g2-plugin-slider (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in dbmux (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea0eb849e9fd2ed82d7be882c76fdbb2a43f4beab87823798027cf347048c9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tmecontinue/claude (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...
Malicious code in eslint-plugin-cli-microsoft365 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0037031e005128b7ab89b1941901718b4890000f9a202f62e6d49f45102762dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @operato/headroom (npm)
Suspicious postinstall script executing bundle.js and YARA rule match unsignedbitwisemathexcess indicate malicious behavior. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71e970ada08943ee1043ac40c48714a5f5c29ae9c3c5d925c6dbfff9bcc47719 Any computer that has this...
Malicious code in telethon-pro-safe (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data. --- Category:...
Malicious code in microsoft-applicationinsights-common (npm)
Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...
Malicious code in buffer-utilities (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3cf478b4c7637e44008fcc4590911059673b2efa3b3e956676ca18e5462c3d5 buffer-utilities impersonates the legitimate buffer package by Feross Aboukhadijeh, copying its name, email, homepage, and GitHub repo metadata, and...
Malicious code in @mlspace/experiments (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in has-ansi (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a7c0276dba3d39617d4cc7e1fdb42b46ca93ca1617825b962fc557c242ea516 Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in funcdesc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a5756a79331cdda67721e39889609f5c0b5e342b678dbce2de97c94ec2dbe29 The package installs funcdesc-setup.pth, which Python auto-executes at interpreter startup for any environment where this package is installed. The.p...
Malicious code in @tanstack/react-router-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2583e447a99e68ab9e3a7562a7a9693e1c09de387a824f47a07f325e3b5b4d39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in granulate-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 66679376251511e42a5b07462c7888555488f21e228e7b0b0e353db43256d569 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in pepsico-ds (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84e06cbb0ba3e6ef5f40b90871131e6748e02e19b05f35af40904f6dc1273ade The package pepsico-ds was found to contain malicious code. Source: ghsa-malware c7a159652f3db642511d7ec78c875f15efe5cc2a53d36ca933aea2e210d1f5b8 Any...
Malicious code in fastify-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cb91c825be697244f8ff069bb56e79aff3b90de7b9947019095b6d0fa2fd270 fastify-addon is a typosquat of the legitimate fastify-plugin package. Its package.json sets repository, bugs, and homepage to...
Malicious code in uisp-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 351b32a85d024168970d1a2e8b7c9c5e6ff6f1d31191390f248a988d9ea6b9a9 package.json declares preinstall: node index.js || true, causing index.js to run automatically on npm install. index.js issues a DNS resolution and...
Malicious code in create-wrangler-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...
Malicious code in dynamo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a4e35bea632f7363e7a1cc6ccbfb9227eca2c4720b0a689edc1bc3ce64c9d85c Versions 1.5.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
Malicious code in @cloudplatform-single-spa/enterprise (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @antv/color-util (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in amapcn (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in axios (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 503284900929e333b801f9f47419a2b4c21e4022d13a03fc14e4b5390767a51d The package axios was found to contain malicious code. Source: ghsa-malware bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e Any...
Malicious code in friendly-greeter-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab72d8364f58d27c6ba37063af62500b494b2fcb8961c1a2b40ed1d2feabdcfe friendly-greeter-demo ships two independent remote-code-execution channels that activate automatically. postinstall.js runs on npm install and...
Malicious code in @debit-ib/mobile-debit-ib-additional-card-form (npm)
Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...
Malicious code in cdktn-provider-datadog (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ce930466b101c48ae641d7e4ad57f3d5169b9f14b1e041e4264e75cbfd965b Package name cdktn-provider-datadog is a single-character variant f→n of HashiCorp's widely-used cdktf-provider-datadog CDKTF provider. README and...
Malicious code in @gbrlxvii/ts-form-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a6e392f9939f227d4cee6ca815413961f271e9d22f33f7f0384a34c54d74223 On require'@gbrlxvii/ts-form-utils', index.js silently loads lib/perf.js inside a try/catch. perf.js immediately collects host fingerprint os.hostnam...
Malicious code in @antv/x6-plugin-selection (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in echarts-for-react (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Malicious code in pdfjs-dist-v5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5827ccd19d073818da31059d76a725b171d1fc793a4f2591ed0118a35b46c35 The package pdfjs-dist-v5 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in um4r719-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53f1c2a49e2308c20e21386b89c058c6acba9105dc484912cb141d7e8a1881b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bittensor-burn-watch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16180f1609731d35398f11dbfcb328826d2e39a7acf42fc256b563512645e6e5 Package advertises itself as a Bittensor subnet burn-rate monitor but bundles a live TELEGRAMBOTTOKEN and TELEGRAMCHATID in...
Malicious code in @redhat-cloud-services/chrome (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @cloudplatform-single-spa/svp-vm-migration (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @cloudplatform-single-spa/security-groups (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in @autofleet/rabbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a766d89a5ed19491bd107e5d31c79fbbe7a9be9bce2a957b290408fb9f54140c The package's compiled entry dist/index.js:48 defines let host = process.env.RABBITMQSERVICEHOST || '35.240.13.28' and then connects via...
Malicious code in @iola_adm/iola-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e28a7ca88c4000d6efee1c0e324c8f28bebf03ef988e2ac3aa437857f34ee08 src/cli.js contains a hardcoded endpoint https://apiiola.yasg.ru referenced multiple times lines 1, 2, 198 and invoked via fetch at line 256, in code...
Malicious code in polymarket-bot (npm)
A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...
Malicious code in axiosqqq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...
Malicious code in durabletask (PyPI)
1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...
Malicious code in @openclaw-cn/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 808f63e2460f19f5e3d3bd28745eaeb5f17a47226ad02c681e11069cd632765d The package @openclaw-cn/cli was found to contain malicious code. Source: ghsa-malware d44ce935cfbfa6f605998045f46eaa7a822658868ff8d774097bf02185e78a...