PkgRadar

Malware advisories

Known malicious packages

Releases in the PkgRadar corpus that match a known-malicious advisory (OSV MAL- records). Each links to the affected packages and the upstream advisory.

AdvisorySummaryAffected releases
MAL-2026-2050Malicious code in @emilgroup/insurance-sdk (npm)10
MAL-2026-2051Malicious code in @emilgroup/insurance-sdk-node (npm)10
MAL-2026-3757Malicious code in claw-subagent-service (npm)8
MAL-2026-4533Malicious code in codebuff-cli (npm)8
MAL-2026-3609Malicious code in forge-jsxy (npm)7
MAL-2026-4288Malicious code in @jaggle/resizeobserves (npm)6
MAL-2026-4669Malicious code in shiroai (npm)6
MAL-2026-2046Malicious code in @emilgroup/document-sdk (npm)5
MAL-2026-2055Malicious code in @emilgroup/partner-sdk-node (npm)5
MAL-2026-2075Malicious code in @emilgroup/document-sdk-node (npm)5
MAL-2026-4346Malicious code in logger-draft (npm)5
MAL-2026-4394Malicious code in @ikyyofc/gemini-cli (npm)5
MAL-2026-4623Malicious code in npm-builderio-qwik-poc (npm)5
GHSA-c83v-7274-4vgpMalicious website can execute commands on the local system through XSS in the OpenCode web UI4
MAL-2026-2041Malicious code in @emilgroup/claim-sdk (npm)4
MAL-2026-2042Malicious code in @emilgroup/claim-sdk-node (npm)4
MAL-2026-2052Malicious code in @emilgroup/notification-sdk-node (npm)4
MAL-2026-4350Malicious code in clobprice.api (npm)4
MAL-2024-1006Malicious code in @ebay/ui-core-react (npm)3
MAL-2026-2900Malicious code in dotenv-pack (npm)3
MAL-2026-2920Malicious code in buffer-util-extend (npm)3
MAL-2026-4348Malicious code in api-rs-node (npm)3
MAL-2026-4496Malicious code in bandkit (npm)3
MAL-2026-4600Malicious code in loading-session (npm)3
MAL-2026-4697Malicious code in twokey (npm)3
MAL-2025-190880Malicious code in @posthog/github-release-tracking-plugin (npm)2
MAL-2025-190946Malicious code in @posthog/drop-events-on-property-plugin (npm)2
MAL-2025-190947Malicious code in @posthog/plugin-server (npm)2
MAL-2025-6214Malicious code in ecinc-cloud-moaxmpp (npm)2
MAL-2026-2031Malicious code in @emilgroup/account-sdk (npm)2
MAL-2026-2032Malicious code in @emilgroup/account-sdk-node (npm)2
MAL-2026-2036Malicious code in @emilgroup/auth-sdk (npm)2
MAL-2026-2037Malicious code in @emilgroup/auth-sdk-node (npm)2
MAL-2026-2044Malicious code in @emilgroup/customer-sdk (npm)2
MAL-2026-2045Malicious code in @emilgroup/customer-sdk-node (npm)2
MAL-2026-2048Malicious code in @emilgroup/gdv-sdk (npm)2
MAL-2026-2049Malicious code in @emilgroup/gdv-sdk-node (npm)2
MAL-2026-2060Malicious code in @emilgroup/tenant-sdk (npm)2
MAL-2026-2061Malicious code in @emilgroup/tenant-sdk-node (npm)2
MAL-2026-2509Malicious code in @langgraphjs/toolkit (npm)2
MAL-2026-2891Malicious code in chai-as-init (npm)2
MAL-2026-2929Malicious code in path-extend (npm)2
MAL-2026-2930Malicious code in path-internal (npm)2
MAL-2026-3309Malicious code in google-cloud-secret-manager-config-poc (npm)2
MAL-2026-3311Malicious code in path-addon (npm)2
MAL-2026-3323Malicious code in paypal-payouts-bridge (npm)2
MAL-2026-4347Malicious code in @devcarron/clob (npm)2
MAL-2026-4349Malicious code in clob.api (npm)2
MAL-2026-4404Malicious code in @loans/vehicles-api (npm)2
MAL-2026-4435Malicious code in @service-suppliers/fetch_suppliers_action_saga (npm)2
MAL-2026-4436Malicious code in @service-suppliers/select-supplier-watcher-saga (npm)2
MAL-2026-4437Malicious code in @service-suppliers/set_selected_supplier (npm)2
MAL-2026-4438Malicious code in @service-suppliers/suppliers (npm)2
MAL-2026-4439Malicious code in @service-user-notifications/set_notifications_not_removable (npm)2
MAL-2026-4444Malicious code in @shwfed/nuxt (npm)2
MAL-2026-4473Malicious code in @zizie071/libsignal-node (npm)2
MAL-2026-4491Malicious code in authcascade (npm)2
MAL-2026-4542Malicious code in crypto-javascript (npm)2
MAL-2026-4543Malicious code in customerdigital-ui-containers-lib (npm)2
MAL-2026-4549Malicious code in dot-utils-plus (npm)2
MAL-2026-4561Malicious code in fe-utils-core (npm)2
MAL-2026-4565Malicious code in fnd-stores (npm)2
MAL-2026-4567Malicious code in freertc (npm)2
MAL-2026-4580Malicious code in http-uploader-dev (npm)2
MAL-2026-4592Malicious code in jsontoken-extend (npm)2
MAL-2026-4674Malicious code in superacli (npm)2
MAL-2026-4699Malicious code in utils-mf (npm)2
MAL-2026-4707Malicious code in vue-compiler-sfc-plugin (npm)2
MAL-2026-4778Malicious code in 1cat-tunnel-client-zx (npm)2
MAL-2026-4779Malicious code in ether-bn.js (npm)2
MAL-2026-4784Malicious code in react-ui-polyfills (npm)2
MAL-2026-4807Malicious code in shop-minis (npm)2
MAL-2026-4823Malicious code in msc-terminal (npm)2
MAL-2026-5163Malicious code in @emcd-vue/auth (npm)2
MAL-2026-5168Malicious code in vg-interaction-model (npm)2
MAL-2024-7463Malicious code in pempers (npm)1
MAL-2026-2491Malicious code in @not-nemo/crypto-tracker (npm)1
MAL-2026-2740Malicious code in chai-as-type (npm)1
MAL-2026-3337Malicious code in @t-in-one/save_application_hid_to_storage (npm)1
MAL-2026-3774Malicious code in ts-build-optimize (npm)1
MAL-2026-4132Malicious code in echarts-for-react (npm)1
MAL-2026-4153Malicious code in size-sensor (npm)1
MAL-2026-4171Malicious code in @mc-xp/mc-monolith-js-src-package (npm)1
MAL-2026-4252Malicious code in @43uh3ig43/telemetry-client (npm)1
MAL-2026-4255Malicious code in cdk-sagemaker-notebook-workflow (npm)1
MAL-2026-4274Malicious code in power-apps (npm)1
MAL-2026-4289Malicious code in @stockrepublic/republic-components (npm)1
MAL-2026-4344Malicious code in verify-mycommand (npm)1
MAL-2026-4345Malicious code in eo-terminal (npm)1
MAL-2026-4351Malicious code in @databus-service-ui/ui-event (npm)1
MAL-2026-4352Malicious code in xarc-webpack-cli (npm)1
MAL-2026-4356Malicious code in testing-on-npmjs (npm)1
MAL-2026-4378Malicious code in @databus-service-ui/scroll-up-content (npm)1
MAL-2026-4385Malicious code in @druids/ui (npm)1
MAL-2026-4396Malicious code in @izumiswap/sdk (npm)1
MAL-2026-4420Malicious code in @polka-ui/loader (npm)1
MAL-2026-4421Malicious code in @pulse-web-platform-core/scripts-loader (npm)1
MAL-2026-4475Malicious code in aes-decode-runner-pro (npm)1
MAL-2026-4488Malicious code in auth-basic-vault (npm)1
MAL-2026-4489Malicious code in auth0-templates-scripts (npm)1
MAL-2026-4504Malicious code in cami-design (npm)1
MAL-2026-4511Malicious code in chai-as-patch (npm)1
MAL-2026-4512Malicious code in chai-as-repaired (npm)1
MAL-2026-4521Malicious code in class-weaver (npm)1
MAL-2026-4523Malicious code in claude-channel-imessage (npm)1
MAL-2026-4536Malicious code in corelia (npm)1
MAL-2026-4537Malicious code in cosmosdb-server (npm)1
MAL-2026-4544Malicious code in cwao (npm)1
MAL-2026-4546Malicious code in cwao-units (npm)1
MAL-2026-4547Malicious code in cxpher-linux-arm32 (npm)1
MAL-2026-4550Malicious code in emojifancy-print (npm)1
MAL-2026-4557Malicious code in ezymail (npm)1
MAL-2026-4566Malicious code in fpjson-lang (npm)1
MAL-2026-4570Malicious code in gehneb (npm)1
MAL-2026-4573Malicious code in git-userhub (npm)1
MAL-2026-4575Malicious code in happy-dlscord.js (npm)1
MAL-2026-4576Malicious code in hardhat-gas-analytics (npm)1
MAL-2026-4577Malicious code in harness-skil (npm)1
MAL-2026-4581Malicious code in idlidosa (npm)1
MAL-2026-4588Malicious code in ionic-insta-api-wrapper (npm)1
MAL-2026-4589Malicious code in itc-actors-api (npm)1
MAL-2026-4590Malicious code in json-to-simple-graphql-schema (npm)1
MAL-2026-4591Malicious code in jsonbson (npm)1
MAL-2026-4599Malicious code in license-checker-plus (npm)1
MAL-2026-4603Malicious code in lynx-keeper (npm)1
MAL-2026-4604Malicious code in lynx-keeper-cli (npm)1
MAL-2026-4613Malicious code in monade (npm)1
MAL-2026-4615Malicious code in motion-tool (npm)1
MAL-2026-4620Malicious code in nikou-node (npm)1
MAL-2026-4622Malicious code in normalize-path-seq (npm)1
MAL-2026-4656Malicious code in raise-common-lib (npm)1
MAL-2026-4667Malicious code in seekcode (npm)1
MAL-2026-4670Malicious code in skills-detector (npm)1
MAL-2026-4672Malicious code in solidity-coverage-plus (npm)1
MAL-2026-4678Malicious code in sysnode (npm)1
MAL-2026-4680Malicious code in tailwind-style-typography (npm)1
MAL-2026-4681Malicious code in tailwind-typography-stylecss (npm)1
MAL-2026-4715Malicious code in weavedb-base (npm)1
MAL-2026-4716Malicious code in weavedb-client (npm)1
MAL-2026-4721Malicious code in weavedb-node-client (npm)1
MAL-2026-4722Malicious code in weavedb-offchain (npm)1
MAL-2026-4723Malicious code in weavedb-sdk (npm)1
MAL-2026-4728Malicious code in web-dotenv (npm)1
MAL-2026-4737Malicious code in your-unique-package-name1 (npm)1
MAL-2026-4738Malicious code in zest-product (npm)1
MAL-2026-4739Malicious code in zkjson (npm)1
MAL-2026-4781Malicious code in unique-id-64 (npm)1
MAL-2026-4785Malicious code in test-nonmal-pkg-5 (npm)1
MAL-2026-4792Malicious code in react-json-chalk (npm)1
MAL-2026-4793Malicious code in vxui-react (npm)1
MAL-2026-4796Malicious code in fastjsonlog (npm)1
MAL-2026-4797Malicious code in int-node (npm)1
MAL-2026-4798Malicious code in jsonlogbundler (npm)1
MAL-2026-4799Malicious code in pdf-lib-enhanced (npm)1
MAL-2026-4800Malicious code in web3-prices (npm)1
MAL-2026-4801Malicious code in web3.prc (npm)1
MAL-2026-4802Malicious code in xlsx-enhanced (npm)1
MAL-2026-4803Malicious code in @fhkry/baileys (npm)1
MAL-2026-4805Malicious code in metricflow-tracker (npm)1
MAL-2026-4806Malicious code in shizukyu (npm)1
MAL-2026-4808Malicious code in wm-idp-sdk (npm)1
MAL-2026-4817Malicious code in chainix (npm)1
MAL-2026-4818Malicious code in saturn-bail (npm)1
MAL-2026-4819Malicious code in token-me-uk (npm)1
MAL-2026-4822Malicious code in loadtest-browser-lib (npm)1
MAL-2026-4826Malicious code in wm-mapper (npm)1
MAL-2026-4827Malicious code in unleash-js (npm)1
MAL-2026-4833Malicious code in bulletproof-json (npm)1
MAL-2026-4836Malicious code in nemo-reporter (npm)1
MAL-2026-4838Malicious code in justsaying-docs (npm)1
MAL-2026-4839Malicious code in hellowornd (npm)1
MAL-2026-4840Malicious code in @bcs-bank-complex-ui/deeplink (npm)1
MAL-2026-4841Malicious code in @hcs-hybrid/uirouter-core (npm)1
MAL-2026-4846Malicious code in @service-suppliers/fetch-initial-suppliers-watcher-saga (npm)1
MAL-2026-4847Malicious code in @service-suppliers/fetch-suppliers-watcher-saga (npm)1
MAL-2026-4848Malicious code in @service-suppliers/fetch_initial_suppliers_action_saga (npm)1
MAL-2026-4849Malicious code in @service-suppliers/fetch_suppliers_country_list_action_saga (npm)1
MAL-2026-4850Malicious code in @service-suppliers/reset_country_list (npm)1
MAL-2026-4851Malicious code in @service-suppliers/set_country_list (npm)1
MAL-2026-4852Malicious code in @service-suppliers/set_initial_loaded (npm)1
MAL-2026-4853Malicious code in @service-suppliers/set_selected_supplier_action_saga (npm)1
MAL-2026-4854Malicious code in @service-suppliers/set_suppliers_data (npm)1
MAL-2026-4855Malicious code in @service-suppliers/set_suppliers_loading_start (npm)1
MAL-2026-4856Malicious code in @service-suppliers/set_suppliers_loading_stop (npm)1
MAL-2026-4857Malicious code in @service-user-notifications/reset_notifications_not_removable (npm)1
MAL-2026-4858Malicious code in @service-user-notifications/set_refresh_interval (npm)1
MAL-2026-4860Malicious code in @qlab/ui (npm)1
MAL-2026-4882Malicious code in @cloudplatform-single-spa/administration (npm)1
MAL-2026-4888Malicious code in @cloudplatform-single-spa/arenadata-db (npm)1
MAL-2026-4891Malicious code in @cloudplatform-single-spa/base-static-page (npm)1
MAL-2026-4893Malicious code in @cloudplatform-single-spa/business-solutions (npm)1
MAL-2026-4896Malicious code in @cloudplatform-single-spa/cloud-dns (npm)1
MAL-2026-4898Malicious code in @cloudplatform-single-spa/cnapp-ui (npm)1
MAL-2026-4901Malicious code in @cloudplatform-single-spa/cp-api-gw (npm)1
MAL-2026-4902Malicious code in @cloudplatform-single-spa/datagrid (npm)1
MAL-2026-4903Malicious code in @cloudplatform-single-spa/dataplatform (npm)1
MAL-2026-4909Malicious code in @cloudplatform-single-spa/dataplatform-metastore (npm)1
MAL-2026-4912Malicious code in @cloudplatform-single-spa/dataplatform-trino (npm)1
MAL-2026-4917Malicious code in @cloudplatform-single-spa/employees (npm)1
MAL-2026-4918Malicious code in @cloudplatform-single-spa/enterprise (npm)1
MAL-2026-4922Malicious code in @cloudplatform-single-spa/floating-ips (npm)1
MAL-2026-4926Malicious code in @cloudplatform-single-spa/logaas (npm)1
MAL-2026-4931Malicious code in @cloudplatform-single-spa/marketplace-gigachat (npm)1
MAL-2026-4933Malicious code in @cloudplatform-single-spa/ml-ai-agents-agent (npm)1
MAL-2026-4934Malicious code in @cloudplatform-single-spa/ml-ai-agents-agent-system (npm)1
MAL-2026-4952Malicious code in @cloudplatform-single-spa/monitoring (npm)1
MAL-2026-4967Malicious code in @cloudplatform-single-spa/security-groups (npm)1
MAL-2026-4972Malicious code in @cloudplatform-single-spa/ssh-keys (npm)1
MAL-2026-4975Malicious code in @cloudplatform-single-spa/support (npm)1
MAL-2026-4978Malicious code in @cloudplatform-single-spa/svp-baas (npm)1
MAL-2026-4984Malicious code in @cloudplatform-single-spa/svp-interfaces (npm)1
MAL-2026-4988Malicious code in @cloudplatform-single-spa/svp-s3-storage (npm)1
MAL-2026-5003Malicious code in @cloudplatform-single-spa/vpn (npm)1
MAL-2026-5028Malicious code in sorenson-webfonts (npm)1
MAL-2026-5031Malicious code in @capibar.chat/ui-kit (npm)1
MAL-2026-5032Malicious code in @sber-ecom-core/sberpay-widget (npm)1
MAL-2026-5033Malicious code in @t-in-one/add_app_middleware_token (npm)1
MAL-2026-5034Malicious code in @t-in-one/add_application (npm)1
MAL-2026-5035Malicious code in @t-in-one/add_application_service_token (npm)1
MAL-2026-5036Malicious code in @t-in-one/add_application_tid (npm)1
MAL-2026-5037Malicious code in @t-in-one/application_id_storage_key_token (npm)1
MAL-2026-5038Malicious code in @t-in-one/form_product_token (npm)1
MAL-2026-5039Malicious code in @t-in-one/get_application_hid (npm)1
MAL-2026-5040Malicious code in @t-in-one/only_difference_payload (npm)1
MAL-2026-5041Malicious code in @t-in-one/prefill_bundle_data_token (npm)1
MAL-2026-5042Malicious code in @t-in-one/prefill_credit_data_token (npm)1
MAL-2026-5043Malicious code in @t-in-one/prefill_transformers_data_token (npm)1
MAL-2026-5044Malicious code in @t-in-one/restore_application_hid_from_storage (npm)1
MAL-2026-5045Malicious code in @t-in-one/safe_local_storage_token (npm)1
MAL-2026-5046Malicious code in @t-in-one/send_add_application (npm)1
MAL-2026-5095Malicious code in @challenger6/vm-pattern-library (npm)1
MAL-2026-5098Malicious code in js-shared-modules (npm)1
MAL-2026-5110Malicious code in jingmeideshishi (npm)1
MAL-2026-5121Malicious code in nepsnowplow (npm)1
MAL-2026-5122Malicious code in picnic-react-mise-en-place (npm)1
MAL-2026-5132Malicious code in rookie-security-test-pkg (npm)1
MAL-2026-5150Malicious code in @aonunited/angular (npm)1
MAL-2026-5158Malicious code in page-info-service (npm)1
MAL-2026-5159Malicious code in po-ops-local-dev (npm)1
MAL-2026-5164Malicious code in @emcd-vue/b2b-pay-form (npm)1
MAL-2026-5165Malicious code in @emcd-vue/loans (npm)1
MAL-2026-5166Malicious code in sourceflow-tracker (npm)1
MAL-2026-5174Malicious code in nodemon-pack (npm)1
MAL-2026-5175Malicious code in webpack-json (npm)1