https://db.gcve.eu Contains only the most 10 recent entries. http://www.rssboard.org/rss-specification python-feedgen en Wed, 11 Mar 2026 03:44:43 +0000 https://db.gcve.eu/vuln/mal-2026-1315 --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (2845ee24242fc511c6b3d7ad1fe8ed0ab3feb42f943edae6255d0a72f2b88460) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (2845ee24242fc511c6b3d7ad1fe8ed0ab3feb42f943edae6255d0a72f2b88460) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. https://db.gcve.eu/vuln/mal-2026-1315 https://db.gcve.eu/vuln/mal-2026-1320 Remote code execution via fetching code from a remote URL and Discord webhook usage indicates malicious intent. Single version adds to suspicion. Remote code execution via fetching code from a remote URL and Discord webhook usage indicates malicious intent. Single version adds to suspicion. https://db.gcve.eu/vuln/mal-2026-1320 https://db.gcve.eu/vuln/mal-2026-1319 Package is malware due to ransomware-like behavior: file encryption, key exfiltration, terminal locking, ransom note, and persistence attempts. Package is malware due to ransomware-like behavior: file encryption, key exfiltration, terminal locking, ransom note, and persistence attempts. https://db.gcve.eu/vuln/mal-2026-1319 https://db.gcve.eu/vuln/mal-2026-1317 Malware detected: Collects and exfiltrates sensitive data to a suspicious webhook via a preinstall script. Malware detected: Collects and exfiltrates sensitive data to a suspicious webhook via a preinstall script. https://db.gcve.eu/vuln/mal-2026-1317 https://db.gcve.eu/vuln/mal-2026-1318 Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. https://db.gcve.eu/vuln/mal-2026-1318 https://db.gcve.eu/vuln/mal-2026-1321 --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (e4d79bdcbf291181336d3988ed7fd17314a787fb3c63ce81ea6af5412828a042) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (e4d79bdcbf291181336d3988ed7fd17314a787fb3c63ce81ea6af5412828a042) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. https://db.gcve.eu/vuln/mal-2026-1321 https://db.gcve.eu/vuln/mal-2026-1322 --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (f55edfe6ea35e734acb3592f0b13348ef997c46497c2975855d609ee45912671) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (f55edfe6ea35e734acb3592f0b13348ef997c46497c2975855d609ee45912671) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. https://db.gcve.eu/vuln/mal-2026-1322 https://db.gcve.eu/vuln/mal-2026-1323 --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (5fa1f9d14f84ac8f84bb9396f56e30ac62aedb0070d625f44091980b937c6ffe) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (5fa1f9d14f84ac8f84bb9396f56e30ac62aedb0070d625f44091980b937c6ffe) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. https://db.gcve.eu/vuln/mal-2026-1323 https://db.gcve.eu/vuln/mal-2026-1324 --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (375e0f06fa907cabddd21899e80ee07e0f33629ddbc5d73ee6be4a743b663791) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. --- _-= Per source details. Do not edit below this line.=-_ ## Source: ghsa-malware (375e0f06fa907cabddd21899e80ee07e0f33629ddbc5d73ee6be4a743b663791) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. https://db.gcve.eu/vuln/mal-2026-1324 https://db.gcve.eu/vuln/mal-2026-1325 --- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3) Installing the package starts encrypting the user's file and demanding ransom for the decryption. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-synapseml-utils Reasons (based on the campaign): - ransomware --- _-= Per source details. Do not edit below this line.=-_ ## Source: kam193 (4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3) Installing the package starts encrypting the user's file and demanding ransom for the decryption. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-03-synapseml-utils Reasons (based on the campaign): - ransomware https://db.gcve.eu/vuln/mal-2026-1325