225916 matches found
Malicious code in @uipath/resource-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2feaa2d553cc8a9cf3f47bd84ee935efb1dc6d61096e2be94b0bdfe0aa0f2dd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/project-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd50cfa0aae7619d6766f47b468fca17a04673407486d5c747f860c0c2e22b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/platform-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89f494a30a8fe1637198b531a2c267ebb3aedf5d0c537afc1f12ea2186ef1d1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-workflowcompiler-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1592fda84153cb5e8d6559b95a932b4187fb3e4fe3d39f0bc0490547d72e3c5e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-case (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ada59d259c9e6d817c3f2381a537459e5920f1869250c0aa9798c64089fbb8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/packager-tool-bpmn (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a5692c6b042a5bcb1332d3c1efb3db46428eaab10fea07d84883480c041d835 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/maestro-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6011a0c7aae20b028a8bdca262224d15d4c190b116cbc3d6f8dddef444ca84b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/identity-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0e65b9ead4356bbca8044ddc0ec0b690d5f0ec44d8427cbeda5f4d6f28c24b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/flow-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8016b3433ca7e37f6e4ac3a263a05fd7ba16ce1f652615018abffe280623d21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/filesystem (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 146d5edb9ab8fea89bfb60b8ae01c6c1e8e0fea9e6332121cf3922f4d23546df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/codedapp-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82a4dcd41442fccefd9cd7692dbc1dc3e82b0fcef90097d498991d8f09e7528b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/codedagent-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaec2ac4b4efbc449a39049c2d3793dd5f3c4fc4737957ba4e70f35fb6c13903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0fdad7ae6c57c8b952b6b0730ce0f4b0972f79ce008515a4eaf373dcd9dbaa38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b81e35e62a526162bdd6479e8f80cea429ab1ea1ec96b59475750d7fb8cb32e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/admin-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c7b3c6e3a941ca923642922773e148ac450c414f24a26637f0a048be65827e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @uipath/access-policy-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87fb4a7ca8257b97a21e311c9322a63b2691136e87c6a8ce12cc648890849f76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @supersurkhet/sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dca9eab30c0c493a8981f3457e80b67d82738a2a23c3e4273d09885737a2306c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mistralai/mistralai-gcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dcfd7fec176cc54232767b454429a7b3e0106aebbb16f2e9bdacc57e8a20ff9 The package @mistralai/mistralai-gcp was found to contain malicious code. Source: ghsa-malware...
Malicious code in @mesadev/rest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 388ca6def3456a442ad932d90bb9732118d37d14ad0ac829d1806103e7aff202 The package @mesadev/rest was found to contain malicious code. Source: ghsa-malware b7f0d4cd50a4af49f5499cbe10e56291c9513bc01541e408f04c2662aabb17e0...
Malicious code in @supersurkhet/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3219a7aa4b5f19cda44ae4217d0cf1d596988bd05ea1645b489ec579c50bcf17 The package @supersurkhet/cli was found to contain malicious code. Source: ghsa-malware...
Malicious code in git-git-git (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aee29b689edc0620e25183b269a2b0f9bb0a0e84e74f19d7c876e46712720e72 The package git-git-git was found to contain malicious code. Source: ghsa-malware fa5e0d5e3dc2a5a2cf5a7219b747a751510b5e030e512f041e52851fe28cbe34 An...
Malicious code in ts-dna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ca06cbc068262aa930c182a5904cba8d5748f32663b648a0b78a183f4fe219 The package ts-dna was found to contain malicious code. Source: ghsa-malware a5660e49e1a2b3661bdf6ce230d7f75889675d5690086f7da2a2a04391dd13a5 Any...
Malicious code in @squawk/navaids (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb4f88ca950b4d0ba1fb9666f866d8c742a9b0aeeb2657fadae9ed5dcd30359c The package @squawk/navaids was found to contain malicious code. Source: ghsa-malware 62f878f444def0ffdccd14f64cba4ee46bf960745aefb09d0c0ee16ed5ded86...
Malicious code in @squawk/mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed4b99ef5ac5fd4f25fdd4844c49a608343d6596def04cfb9df850c40e927dc9 The package @squawk/mcp was found to contain malicious code. Source: ghsa-malware 7d06b20db1195e1e5566e553087c2be971625c4a648e9cbfe5c1e0e836b93aa9 An...
Malicious code in @squawk/units (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39aaec9f38434cc7c5012cfde1e1156723d161341b897788e743f6360f369e71 The package @squawk/units was found to contain malicious code. Source: ghsa-malware 464a63d0dfe63cb91f03d50ef10143eae2c9d581998ff6025ba48e18c8d89ed5...
Malicious code in @squawk/flightplan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e10ea8e442eceb45822eebfabfb86917c9a166af2490c6e670da321110d04d47 The package @squawk/flightplan was found to contain malicious code. Source: ghsa-malware...
Malicious code in @squawk/fix-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 624b956af551986dc49e0004c6e0c804f3b48f57216b63bb5784c9c236e866da The package @squawk/fix-data was found to contain malicious code. Source: ghsa-malware b47010b41e9098203e9d382c36292a5bfa3c32741fbc916a9a9935f9975fc8...
Malicious code in @tanstack/solid-start-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9f623ce85c893266087d3eeb9812938d0f3eea0ddb33cd735589c104dafb8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/start-plugin-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b587e79343875d24fc89fcc4df1fd24b25a111762b0a043ae2d01c30e34db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/router-devtools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b5f287de4737a3fc1c486fabad70d3ad833e85ba2ebfa8d0712052da9fca9ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-start-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 048a583947c3ecbeb540293e0de5d513e84f0ea2793ca31ee5d2a76d4f750ddd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/nitro-v2-vite-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f689866f0ed8e6cf47200b7bf613dd377c407e21d5ed6b2a0caf5252e822d8ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mpkg123 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 df9e0498d827adeb16ea11e4a1137133d2124f039942b776f7ac098a257cd164 If executed as a module, the obfuscated code collects and exfiltrates sensitive data, including passwords saved in a browser. --- Category: MALICIOUS - The...
Malicious code in byvendors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3ae01e4f5473c61cf7c26fdf51f64fa34c7f16451ce6c093a52fd85b79eff5 The package byvendors was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in dlocal-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9cfdf8d83ac7dc528caac3292d1b02ba162629b349789149fbbfcb7094f778b0 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
Malicious code in pp-react-v5 (npm)
pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...
Malicious code in django-b64-img (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...
Malicious code in noon-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @miurba/alcazaba (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36c814274998998c89db63740c3d1032c8da3d6f6f9e44e100328c83e4ea29a0 The package @miurba/alcazaba was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in solana-scanner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 047a41b9a67bb975c2e98b31b5e13875569de5097f0b61bb5984e300687e03e3 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in crypto-wallet-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1e40a039f63743a1d3c20fb312ecd2ecb1e47fe20c6787efa0a3f0f441ad5828 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in web3-helper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8b4b0ec18a585bcc92bfeea9cf5e3febdd7d540f38f78cb1acc62ce33784a492 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...
Malicious code in solana-wallet-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0fafa4851b72650b6cb905d88ab0e9ac73276e188d44bf1ff2cb010eb6945c59 Code pretends to be a crypto utility but exfiltrates given private key / seed --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in sufiagent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f2cfd59dcec981250aeaf0633059cfd0af4d5dac6c87a1d54b9e13ce70957858 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...
Malicious code in runtime-vitals (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f5e056ef78ad47697156c0dce0819370ffc74bb450e226bfb2bf934651b5836b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in 24712-pl5004 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d79bb37b62b8d47ca459db0858a93ffb3c35e3791423c11a0853fb4ab17388e The package 24712-pl5004 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in 24712-pl4712 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c8947855d76def29ae6497648e1355d55d891c01d5eea51f475ef033c0eda29 The package 24712-pl4712 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in b2bneo-rest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81aa2ce0b474a6829ca4aa8dca5776be81b750b88d093c610de24760671b8fb6 The package b2bneo-rest was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in test-py-conn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed The code automatically starts a worker designed to survive the exit of the main process. The worker load code from a PYC file which then connects to pre-define...
Malicious code in playwright-acustomed (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b8b21055de687ebac89fc9e5697c34b70cc910702d263b841399783f75b139bd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...