mal-2026-322
Vulnerability from ossf_malicious_packages
Published
2026-01-16 13:51
Modified
2026-01-19 01:55
Summary
Malicious code in admin10001 (npm)
Details
-= Per source details. Do not edit below this line.=-
Source: ghsa-malware (cd2649bb4fa68be63a9cdca6eb598a2c9b756cdfbbf050c3fa915074bccb1e1d)
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Source: ossf-package-analysis (065613074af4477848f512912797945118719f8a78d11e96304c37e450569850)
The OpenSSF Package Analysis project identified 'admin10001' @ 1.0.107 (npm) as malicious.
It is considered malicious because:
-
The package communicates with a domain associated with malicious activity.
-
The package executes one or more commands associated with malicious behavior.
CWE
- CWE-506 - The product contains code that appears to be malicious in nature.
Credits
OpenSSF: Package Analysis
github.com/ossf/package-analysis
openssf.slack.com/channels/package_analysis
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
]
},
"package": {
"ecosystem": "npm",
"name": "admin10001"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"versions": [
"1.0.3",
"1.0.0",
"1.0.4",
"1.0.7",
"1.0.10",
"1.0.8",
"1.0.14",
"1.0.13",
"1.0.15",
"1.0.22",
"1.0.21",
"1.0.20",
"1.0.18",
"1.0.24",
"1.0.27",
"1.0.25",
"1.0.31",
"1.0.29",
"1.0.34",
"1.0.40",
"1.0.35",
"1.0.36",
"1.0.38",
"1.0.45",
"1.0.43",
"1.0.41",
"1.0.46",
"1.0.48",
"1.0.52",
"1.0.49",
"1.0.51",
"1.0.53",
"1.0.56",
"1.0.58",
"1.0.64",
"1.0.61",
"1.0.59",
"1.0.67",
"1.0.70",
"1.0.74",
"1.0.71",
"1.0.73",
"1.0.69",
"1.0.65",
"1.0.78",
"1.0.79",
"1.0.76",
"1.0.82",
"1.0.84",
"1.0.96",
"1.0.89",
"1.0.94",
"1.0.93",
"1.0.90",
"1.0.92",
"1.0.107",
"1.0.98",
"1.0.106",
"1.0.100",
"1.0.105",
"1.0.111",
"1.0.118",
"1.0.113",
"1.0.115",
"1.0.117",
"1.0.120",
"1.0.126",
"1.0.125",
"1.0.122",
"1.0.127",
"1.0.124",
"1.0.132",
"1.0.133",
"1.0.129",
"1.0.134",
"1.0.137",
"1.0.138",
"1.0.144",
"1.0.141",
"1.0.142",
"1.0.143",
"1.0.145",
"1.0.153",
"1.0.156",
"1.0.148",
"1.0.151",
"1.0.150",
"1.0.165",
"1.0.158",
"1.0.164",
"1.0.161",
"1.0.166",
"1.0.159",
"1.0.174",
"1.0.173",
"1.0.172",
"1.0.171",
"1.0.177",
"1.0.178",
"1.0.183",
"1.0.181",
"1.0.182"
]
}
],
"aliases": [
"GHSA-m8m9-h738-g5fh"
],
"credits": [
{
"contact": [
"https://github.com/ossf/package-analysis",
"https://openssf.slack.com/channels/package_analysis"
],
"name": "OpenSSF: Package Analysis",
"type": "FINDER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"import_time": "2026-01-16T14:07:59.038874202Z",
"modified_time": "2026-01-16T14:05:52Z",
"sha256": "543fb72dd74b0801e24b9fc6a43ed5d9e4174a52f66aefe1d2326b3ec4479169",
"source": "ossf-package-analysis",
"versions": [
"1.0.3"
]
},
{
"import_time": "2026-01-16T14:07:58.961413068Z",
"modified_time": "2026-01-16T13:51:12Z",
"sha256": "c41f0f4e4bc9426a89f82f30c8d33ccbd2b95dc47f1a8c79cb0ae3a2a6c7ff66",
"source": "ossf-package-analysis",
"versions": [
"1.0.0"
]
},
{
"import_time": "2026-01-16T14:41:29.493466557Z",
"modified_time": "2026-01-16T14:12:25Z",
"sha256": "ac69c191b3d52f36cda36bc4359ae3a62f407c142b505fd6393535e822b52f59",
"source": "ossf-package-analysis",
"versions": [
"1.0.4"
]
},
{
"import_time": "2026-01-16T15:08:37.295231914Z",
"modified_time": "2026-01-16T15:07:51Z",
"sha256": "a3e25d3ac3e77c1f6287100db0a8222ba90e55124a4128ff7136ee5e77d72266",
"source": "ossf-package-analysis",
"versions": [
"1.0.7"
]
},
{
"import_time": "2026-01-16T15:40:14.363657571Z",
"modified_time": "2026-01-16T15:15:55Z",
"sha256": "fbba6d4c418ec45bbd5c77a2b40f1a3335b5d2bd846f2fb53ad3bcea6a64a889",
"source": "ossf-package-analysis",
"versions": [
"1.0.10"
]
},
{
"import_time": "2026-01-16T15:40:14.195769174Z",
"modified_time": "2026-01-16T15:12:39Z",
"sha256": "e3ec3f1ce4d68547a01ee5577c5d4163890db4bba874034852b9b5e30a6c0cf1",
"source": "ossf-package-analysis",
"versions": [
"1.0.8"
]
},
{
"import_time": "2026-01-16T16:09:00.202789966Z",
"modified_time": "2026-01-16T15:45:56Z",
"sha256": "1d08c9d7244ae2b190885a1c094d72243c46eae5cd3b638bee2e9b2ee18100e0",
"source": "ossf-package-analysis",
"versions": [
"1.0.14"
]
},
{
"import_time": "2026-01-16T16:09:00.104309823Z",
"modified_time": "2026-01-16T15:41:01Z",
"sha256": "27fc8e3904a37e6077895c344947a72495813dcfc208b4dea2b4bb5b415e706b",
"source": "ossf-package-analysis",
"versions": [
"1.0.13"
]
},
{
"import_time": "2026-01-16T16:09:00.289628981Z",
"modified_time": "2026-01-16T15:50:30Z",
"sha256": "66ae1ed071b8fef7052c076fb433103cc4f0081a26bc1419f303f699006d0fca",
"source": "ossf-package-analysis",
"versions": [
"1.0.15"
]
},
{
"import_time": "2026-01-16T16:44:37.945547425Z",
"modified_time": "2026-01-16T16:36:04Z",
"sha256": "fad3da234cfebc43b5db538b45b2afd6214af829618013ee42e9a43c5c10da32",
"source": "ossf-package-analysis",
"versions": [
"1.0.22"
]
},
{
"import_time": "2026-01-16T16:44:37.864172509Z",
"modified_time": "2026-01-16T16:20:46Z",
"sha256": "555b7350f527f78c99a5b10b702cf257d6933e6cf674a00243a4bebbd94507cf",
"source": "ossf-package-analysis",
"versions": [
"1.0.21"
]
},
{
"import_time": "2026-01-16T16:44:37.732554935Z",
"modified_time": "2026-01-16T16:15:44Z",
"sha256": "b2bf28e629e80790dd731a7ce12881c3a910229f3217dfe11dab6ea97d389e32",
"source": "ossf-package-analysis",
"versions": [
"1.0.20"
]
},
{
"import_time": "2026-01-16T16:44:37.640790896Z",
"modified_time": "2026-01-16T16:10:55Z",
"sha256": "c43ff6ef9b8494597d950016bf4bd40dcbecd638275e9263e57b2359e488955c",
"source": "ossf-package-analysis",
"versions": [
"1.0.18"
]
},
{
"import_time": "2026-01-16T17:40:25.543254635Z",
"modified_time": "2026-01-16T17:21:12Z",
"sha256": "ce42e356159e6ebb423a8155b0d05c1f29db1ac276ba51567e1ba349ef222f33",
"source": "ossf-package-analysis",
"versions": [
"1.0.24"
]
},
{
"import_time": "2026-01-16T17:40:25.624270036Z",
"modified_time": "2026-01-16T17:30:33Z",
"sha256": "ee9103c6a8c8f47561a9497f92fd1f6147c3b5ee3a5eab60aa79aed89847e86b",
"source": "ossf-package-analysis",
"versions": [
"1.0.27"
]
},
{
"import_time": "2026-01-16T17:40:25.470841215Z",
"modified_time": "2026-01-16T17:20:37Z",
"sha256": "ffc47c76c6b9f1c6698913fb9d6c2fea00576d0363964d00d6554afe90b5e562",
"source": "ossf-package-analysis",
"versions": [
"1.0.25"
]
},
{
"import_time": "2026-01-16T18:09:54.620361759Z",
"modified_time": "2026-01-16T17:45:49Z",
"sha256": "8ff5e7ec4443819159014997d887f5910e2fa0d12380e68f27dd7fe02268ebd4",
"source": "ossf-package-analysis",
"versions": [
"1.0.31"
]
},
{
"import_time": "2026-01-16T18:09:54.494815089Z",
"modified_time": "2026-01-16T17:42:35Z",
"sha256": "c87cb8a8f5ae214d9f4819e47753adda465323ac66a26b79f0e9e5c539a283b4",
"source": "ossf-package-analysis",
"versions": [
"1.0.29"
]
},
{
"import_time": "2026-01-16T18:46:27.402556066Z",
"modified_time": "2026-01-16T18:15:41Z",
"sha256": "16c76fdf8e2061f3f88a1e60e756633dcf4a8966595a80620760567f65831a69",
"source": "ossf-package-analysis",
"versions": [
"1.0.34"
]
},
{
"import_time": "2026-01-16T18:46:27.828650676Z",
"modified_time": "2026-01-16T18:45:33Z",
"sha256": "2064ead1b4e9052cc303811c7374b83825b56837eda6dc60e43cb95af2f0a151",
"source": "ossf-package-analysis",
"versions": [
"1.0.40"
]
},
{
"import_time": "2026-01-16T18:46:27.488017602Z",
"modified_time": "2026-01-16T18:20:59Z",
"sha256": "208c1ae77f4027350dfca2605206df85b13b658dc24890d957bbdc60f40f9396",
"source": "ossf-package-analysis",
"versions": [
"1.0.35"
]
},
{
"import_time": "2026-01-16T18:46:27.566949229Z",
"modified_time": "2026-01-16T18:30:37Z",
"sha256": "3c04dc19dbc1db62dc9a3b9fd6d8ed26e39883880de6c5a87d615a33a3ccbb74",
"source": "ossf-package-analysis",
"versions": [
"1.0.36"
]
},
{
"import_time": "2026-01-16T18:46:27.679089011Z",
"modified_time": "2026-01-16T18:35:38Z",
"sha256": "440bbac5c4f27ef7b2ee0288a0615fa77fe4293314ffdb4c6c8c0d78f1583249",
"source": "ossf-package-analysis",
"versions": [
"1.0.38"
]
},
{
"import_time": "2026-01-16T19:07:44.070423493Z",
"modified_time": "2026-01-16T19:05:41Z",
"sha256": "19885823895b896b44b34561a531661b09628a7a9900a4fb9332c0859495fb84",
"source": "ossf-package-analysis",
"versions": [
"1.0.45"
]
},
{
"import_time": "2026-01-16T19:07:44.021289327Z",
"modified_time": "2026-01-16T19:00:53Z",
"sha256": "51f810a57b93814d5268865610bf2ff3f5dfb1f269be1704acada868b4ab8601",
"source": "ossf-package-analysis",
"versions": [
"1.0.43"
]
},
{
"import_time": "2026-01-16T19:07:43.974445949Z",
"modified_time": "2026-01-16T18:55:48Z",
"sha256": "b6d1f1d967afed49ea592048cde946c1831f0168ded0bf94c687e0dd3eb3a81b",
"source": "ossf-package-analysis",
"versions": [
"1.0.41"
]
},
{
"import_time": "2026-01-17T04:14:37.204544557Z",
"modified_time": "2026-01-17T04:10:43Z",
"sha256": "fc67b8ddf34643f5a2e97b0e4df221d39164dabf0614f6686ab3de7017647ebe",
"source": "ossf-package-analysis",
"versions": [
"1.0.46"
]
},
{
"import_time": "2026-01-17T06:45:09.73035886Z",
"modified_time": "2026-01-17T06:21:06Z",
"sha256": "929cd54329878cd6858e78423242aeddbd33a30a2468e2c8e9fd5864d1974812",
"source": "ossf-package-analysis",
"versions": [
"1.0.48"
]
},
{
"import_time": "2026-01-17T07:06:43.889484293Z",
"modified_time": "2026-01-17T06:55:43Z",
"sha256": "991543df652fd7185da92e596ee3013c6c05fad74a0f71a595cd1bbce88b1d86",
"source": "ossf-package-analysis",
"versions": [
"1.0.52"
]
},
{
"import_time": "2026-01-17T07:06:43.730869911Z",
"modified_time": "2026-01-17T06:47:55Z",
"sha256": "efb530add1c5ecb091a091420daa41b612ccd830738ac7ba75b7a1d4ef165f35",
"source": "ossf-package-analysis",
"versions": [
"1.0.49"
]
},
{
"import_time": "2026-01-17T07:06:43.799753541Z",
"modified_time": "2026-01-17T06:53:28Z",
"sha256": "f71f93f03e71e6570a0ccf87a3ece7dbf62dd5462b951518a3c07cf065fe4886",
"source": "ossf-package-analysis",
"versions": [
"1.0.51"
]
},
{
"import_time": "2026-01-17T07:36:20.215357323Z",
"modified_time": "2026-01-17T07:12:54Z",
"sha256": "0e7d489c0c704a2542c08b1a494b4970911af27d7cf3554e68758e023fd1275c",
"source": "ossf-package-analysis",
"versions": [
"1.0.53"
]
},
{
"import_time": "2026-01-17T08:08:22.128581162Z",
"modified_time": "2026-01-17T07:41:03Z",
"sha256": "73fa51e1611624b69804026933fe6d6d5b0fcd327b462538cf98e9c79c5b2550",
"source": "ossf-package-analysis",
"versions": [
"1.0.56"
]
},
{
"import_time": "2026-01-17T08:08:22.249538526Z",
"modified_time": "2026-01-17T07:45:52Z",
"sha256": "d57d805cb7bcac315645c40191a9f6189bae5dc8d4e04ffb9480521ad393b1fb",
"source": "ossf-package-analysis",
"versions": [
"1.0.58"
]
},
{
"import_time": "2026-01-17T08:08:22.646913854Z",
"modified_time": "2026-01-17T08:07:22Z",
"sha256": "dbc4cae10057b343e1d0351197a5f2ec3a5868db2398fd9b932ee85d578bcceb",
"source": "ossf-package-analysis",
"versions": [
"1.0.64"
]
},
{
"import_time": "2026-01-17T08:08:22.525178464Z",
"modified_time": "2026-01-17T08:02:44Z",
"sha256": "e4a1605eb8edde8bdbf8b9ff6102fc8eb47e350badb5208a6261aff54e61be0f",
"source": "ossf-package-analysis",
"versions": [
"1.0.61"
]
},
{
"import_time": "2026-01-17T08:08:22.380285066Z",
"modified_time": "2026-01-17T07:52:50Z",
"sha256": "f888fd0354210b05cae0ba6adafe5dd47dbd1371374e07b9d7a19ea14c3f75de",
"source": "ossf-package-analysis",
"versions": [
"1.0.59"
]
},
{
"import_time": "2026-01-17T08:41:19.120675984Z",
"modified_time": "2026-01-17T08:18:07Z",
"sha256": "360798947fd54054c509ecccc0806e40166dfff880a84a3b49f340b0801e1904",
"source": "ossf-package-analysis",
"versions": [
"1.0.67"
]
},
{
"import_time": "2026-01-17T08:41:19.303983768Z",
"modified_time": "2026-01-17T08:25:40Z",
"sha256": "597484cf4de0ae0520e70b192353c5b8f30a3eb8011b7d9d58e774b82221d26b",
"source": "ossf-package-analysis",
"versions": [
"1.0.70"
]
},
{
"import_time": "2026-01-17T08:41:19.586444977Z",
"modified_time": "2026-01-17T08:40:28Z",
"sha256": "7cd53ffa0b7cda490b747edc963811a28de45ef05892d345c99d4977876e2c71",
"source": "ossf-package-analysis",
"versions": [
"1.0.74"
]
},
{
"import_time": "2026-01-17T08:41:19.471567038Z",
"modified_time": "2026-01-17T08:32:46Z",
"sha256": "d7f7f2cf09d78dbf1ab254712099d508bcf4ca877fd0cbffb875c29bfc62e3a5",
"source": "ossf-package-analysis",
"versions": [
"1.0.71"
]
},
{
"import_time": "2026-01-17T08:41:19.534355007Z",
"modified_time": "2026-01-17T08:35:44Z",
"sha256": "0da41dfa4bd921a7005518748d378c70504ce05dba1e187770c5da74ad4e4837",
"source": "ossf-package-analysis",
"versions": [
"1.0.73"
]
},
{
"import_time": "2026-01-17T08:41:19.234066768Z",
"modified_time": "2026-01-17T08:20:34Z",
"sha256": "1430b44a47f128fd5d5fb41cccd529631cf986837da0b9ccfdc2e43cb4e0cd2f",
"source": "ossf-package-analysis",
"versions": [
"1.0.69"
]
},
{
"import_time": "2026-01-17T08:41:18.880844075Z",
"modified_time": "2026-01-17T08:13:27Z",
"sha256": "19c2b80ee788e263ddf0f9b07cd2852f226c907f91fc07b0f941a0f4d1f3b901",
"source": "ossf-package-analysis",
"versions": [
"1.0.65"
]
},
{
"import_time": "2026-01-17T09:06:53.056536258Z",
"modified_time": "2026-01-17T08:53:04Z",
"sha256": "8d9c6a903ba691d2bd86d684c376059d4a3cc30768ddcb1bebb86f193814c2fb",
"source": "ossf-package-analysis",
"versions": [
"1.0.78"
]
},
{
"import_time": "2026-01-17T09:06:53.242243874Z",
"modified_time": "2026-01-17T09:02:35Z",
"sha256": "ab7607b7d949dacae1680cb4000791e3a341924f8b2ba9da0dc473193c03b7da",
"source": "ossf-package-analysis",
"versions": [
"1.0.79"
]
},
{
"import_time": "2026-01-17T09:06:52.799535094Z",
"modified_time": "2026-01-17T08:45:24Z",
"sha256": "d0a8fafee7fe3b2d18d37ddb21b9776ea0c6b056e58573bd8ce18991f39cc5dc",
"source": "ossf-package-analysis",
"versions": [
"1.0.76"
]
},
{
"import_time": "2026-01-17T09:37:06.911872038Z",
"modified_time": "2026-01-17T09:17:36Z",
"sha256": "3da503f36c8d9192d9d020068b8db1ff49c164c5be19c886a98fdc3900a9f319",
"source": "ossf-package-analysis",
"versions": [
"1.0.82"
]
},
{
"import_time": "2026-01-17T09:37:06.962631725Z",
"modified_time": "2026-01-17T09:23:08Z",
"sha256": "47c8d9e595a1819be1d5df558a25c1372ae771db8e28fa82350517e8daa17b92",
"source": "ossf-package-analysis",
"versions": [
"1.0.84"
]
},
{
"import_time": "2026-01-17T10:07:07.589915902Z",
"modified_time": "2026-01-17T10:00:46Z",
"sha256": "bb295829c6159abbf52fbadeb6bd33b73dbccac67b235fd5dde0433aeb9816b7",
"source": "ossf-package-analysis",
"versions": [
"1.0.96"
]
},
{
"import_time": "2026-01-17T10:07:07.172093072Z",
"modified_time": "2026-01-17T09:40:41Z",
"sha256": "da99a14eb723185e64223fdc6db454de9d178f2f68fe5ffd85eb210eb82c3c0d",
"source": "ossf-package-analysis",
"versions": [
"1.0.89"
]
},
{
"import_time": "2026-01-17T10:07:07.511904023Z",
"modified_time": "2026-01-17T09:57:23Z",
"sha256": "20e7a90b1148f11a37a83485f7c2bf4127ecd600123a7f6a9aff0d8ec2f9f453",
"source": "ossf-package-analysis",
"versions": [
"1.0.94"
]
},
{
"import_time": "2026-01-17T10:07:07.415227473Z",
"modified_time": "2026-01-17T09:56:01Z",
"sha256": "a290b9e631d1c85d6bcdbff8118aa4d51087bc8537f626b62006ef3ff38bfaaa",
"source": "ossf-package-analysis",
"versions": [
"1.0.93"
]
},
{
"import_time": "2026-01-17T10:07:07.251000849Z",
"modified_time": "2026-01-17T09:48:00Z",
"sha256": "a5510f9480f8169cae5336c80eb5f0108775b195a487171713cb24eeea29f607",
"source": "ossf-package-analysis",
"versions": [
"1.0.90"
]
},
{
"import_time": "2026-01-17T10:07:07.346589417Z",
"modified_time": "2026-01-17T09:53:08Z",
"sha256": "b7d140518be652f49a038ed0728ec6814d8c2c434a22e1d3ae955e5d8bdd07c7",
"source": "ossf-package-analysis",
"versions": [
"1.0.92"
]
},
{
"import_time": "2026-01-17T10:39:28.190435423Z",
"modified_time": "2026-01-17T10:35:18Z",
"sha256": "065613074af4477848f512912797945118719f8a78d11e96304c37e450569850",
"source": "ossf-package-analysis",
"versions": [
"1.0.107"
]
},
{
"import_time": "2026-01-17T10:39:27.595375971Z",
"modified_time": "2026-01-17T10:07:51Z",
"sha256": "3ed48c1606aff2e84ffe1fdaa79c62494e4fcb8c7a47e0597c3ac6fe5e135b5b",
"source": "ossf-package-analysis",
"versions": [
"1.0.98"
]
},
{
"import_time": "2026-01-17T10:39:28.04685767Z",
"modified_time": "2026-01-17T10:31:54Z",
"sha256": "7a8b88010e39d987d9f25cd9ea93c8ade7ea21324cacec3dd173f5aae81b6692",
"source": "ossf-package-analysis",
"versions": [
"1.0.106"
]
},
{
"import_time": "2026-01-17T10:39:27.729004003Z",
"modified_time": "2026-01-17T10:16:01Z",
"sha256": "db4638bf3a3ff59bb301562d409fd5bd419363b98758080317e3f0e345f47552",
"source": "ossf-package-analysis",
"versions": [
"1.0.100"
]
},
{
"import_time": "2026-01-17T10:39:27.870918692Z",
"modified_time": "2026-01-17T10:25:39Z",
"sha256": "e43fcc415f5112615332d224452f5599c283baab07366e151c2276261d589118",
"source": "ossf-package-analysis",
"versions": [
"1.0.105"
]
},
{
"import_time": "2026-01-17T11:06:03.041672083Z",
"modified_time": "2026-01-17T10:52:02Z",
"sha256": "06581108b30f673871cd404bdb0720897b2b73c1d421f612f02760e024054317",
"source": "ossf-package-analysis",
"versions": [
"1.0.111"
]
},
{
"import_time": "2026-01-17T11:06:03.444261869Z",
"modified_time": "2026-01-17T11:02:52Z",
"sha256": "4e6a9817843761a809cf3fd1fe76da31f8844953e0c3eaaf050afc2d04ec87b4",
"source": "ossf-package-analysis",
"versions": [
"1.0.118"
]
},
{
"import_time": "2026-01-17T11:06:02.886017685Z",
"modified_time": "2026-01-17T10:47:43Z",
"sha256": "57c3ba16eca940b07c47a4ea8d075299d1c7eee3fb9ea9a9b326c02272821057",
"source": "ossf-package-analysis",
"versions": [
"1.0.113"
]
},
{
"import_time": "2026-01-17T11:06:03.161007174Z",
"modified_time": "2026-01-17T11:00:16Z",
"sha256": "8c15de751bb5d1f0006a71e212f335ffd74bb38189943eda1f20b6d178a87f61",
"source": "ossf-package-analysis",
"versions": [
"1.0.115"
]
},
{
"import_time": "2026-01-17T11:06:03.312092314Z",
"modified_time": "2026-01-17T11:00:43Z",
"sha256": "b033608c424325fff07b10276f2920dcbfc9d8c2d0792b1c8e372fbf649e03db",
"source": "ossf-package-analysis",
"versions": [
"1.0.117"
]
},
{
"import_time": "2026-01-17T11:06:03.621743191Z",
"modified_time": "2026-01-17T11:05:42Z",
"sha256": "bc672c8c239e216dc97e0afb960b626c00290ca68d4c1b58da8e01bcf7d03507",
"source": "ossf-package-analysis",
"versions": [
"1.0.120"
]
},
{
"import_time": "2026-01-17T11:35:05.495287828Z",
"modified_time": "2026-01-17T11:26:34Z",
"sha256": "057d5b06d7be3ec1139a4f7cbba28913a60f2c294a2f844158f7a505e81a50e3",
"source": "ossf-package-analysis",
"versions": [
"1.0.126"
]
},
{
"import_time": "2026-01-17T11:35:05.384470307Z",
"modified_time": "2026-01-17T11:25:49Z",
"sha256": "08593591df75a95659f1dfa1a733c5f48f86ee2fdb3229d5a2fecbb4d548d1a0",
"source": "ossf-package-analysis",
"versions": [
"1.0.125"
]
},
{
"import_time": "2026-01-17T11:35:05.151027703Z",
"modified_time": "2026-01-17T11:10:35Z",
"sha256": "0b75fe7c6ad18465920677f6e7f6c7e4e8b21d64e0d6452bc99817d65fc993b3",
"source": "ossf-package-analysis",
"versions": [
"1.0.122"
]
},
{
"import_time": "2026-01-17T11:35:05.567576179Z",
"modified_time": "2026-01-17T11:32:41Z",
"sha256": "4979c444595ddb6c13858e5bead517969f4d8d0b52a3533522785e228f8d1b26",
"source": "ossf-package-analysis",
"versions": [
"1.0.127"
]
},
{
"import_time": "2026-01-17T11:35:05.282547832Z",
"modified_time": "2026-01-17T11:15:41Z",
"sha256": "a3ba08b26c7ce775bcd400bcb9ec3e2e24a69d8e229c425074935364cadd7c12",
"source": "ossf-package-analysis",
"versions": [
"1.0.124"
]
},
{
"import_time": "2026-01-17T12:10:21.036907306Z",
"modified_time": "2026-01-17T11:45:32Z",
"sha256": "3232e3402d7082e7e19ebec1865e8bc803955eb1d73039dfedadb813eaf07fe2",
"source": "ossf-package-analysis",
"versions": [
"1.0.132"
]
},
{
"import_time": "2026-01-17T12:10:21.337396894Z",
"modified_time": "2026-01-17T11:51:49Z",
"sha256": "6143fa5cc4699ddc78dadecef6fd58332dcf809f64af8d6f6419a190d8e964b8",
"source": "ossf-package-analysis",
"versions": [
"1.0.133"
]
},
{
"import_time": "2026-01-17T12:10:21.182501437Z",
"modified_time": "2026-01-17T11:46:11Z",
"sha256": "ed0a59a1f800cf1224b6813e1544a520a99b25eca9db4bdaeceb3c34e67cbf10",
"source": "ossf-package-analysis",
"versions": [
"1.0.129"
]
},
{
"import_time": "2026-01-17T12:10:21.490349636Z",
"modified_time": "2026-01-17T11:52:30Z",
"sha256": "ffc5842edfa21504feb5f04f899203c7d7c4db20f0498129c8ab7d63faa5600e",
"source": "ossf-package-analysis",
"versions": [
"1.0.134"
]
},
{
"import_time": "2026-01-17T12:47:34.093438754Z",
"modified_time": "2026-01-17T12:36:02Z",
"sha256": "f50253c375671d7ed730ccd9274c9da9cccaadb2021c4675c2f769af14885bb5",
"source": "ossf-package-analysis",
"versions": [
"1.0.137"
]
},
{
"import_time": "2026-01-17T12:47:34.168603557Z",
"modified_time": "2026-01-17T12:40:36Z",
"sha256": "40a0b0cec093a65543a56c71f39750f1cc6f8fdb81ace3c6e633d05b05a70830",
"source": "ossf-package-analysis",
"versions": [
"1.0.138"
]
},
{
"import_time": "2026-01-17T14:06:37.063882719Z",
"modified_time": "2026-01-17T13:59:03Z",
"sha256": "96830100fcb131c3244486a041c6778616fd2dd25a17687230aef1c5edca695c",
"source": "ossf-package-analysis",
"versions": [
"1.0.144"
]
},
{
"import_time": "2026-01-17T14:06:36.752062009Z",
"modified_time": "2026-01-17T13:40:48Z",
"sha256": "9d5ba5e5dc407e58402d25c6df9873fb88df8cb0930ca3d13d819717b1a98578",
"source": "ossf-package-analysis",
"versions": [
"1.0.141"
]
},
{
"import_time": "2026-01-17T14:06:36.946662508Z",
"modified_time": "2026-01-17T13:46:01Z",
"sha256": "cd570fc6c4233498e2350e93058f514a00c6bc39541a7d2c3e7c482a276277c2",
"source": "ossf-package-analysis",
"versions": [
"1.0.142"
]
},
{
"import_time": "2026-01-17T14:06:36.854131839Z",
"modified_time": "2026-01-17T13:44:34Z",
"sha256": "22a7558b1e322f37fa3d363d96e1aaded08c768f72b8fd90b18f2f80b7c2c4fa",
"source": "ossf-package-analysis",
"versions": [
"1.0.143"
]
},
{
"import_time": "2026-01-17T14:06:37.133903767Z",
"modified_time": "2026-01-17T14:01:31Z",
"sha256": "8672caeb8f47df3104dd646404cd8e28b458d1624598e0d80d1fd42439ca828a",
"source": "ossf-package-analysis",
"versions": [
"1.0.145"
]
},
{
"import_time": "2026-01-17T14:37:47.758629711Z",
"modified_time": "2026-01-17T14:30:06Z",
"sha256": "0950151b145e142edfb323c5c11b5886c168597e6c4ee610e01fae322e8770e7",
"source": "ossf-package-analysis",
"versions": [
"1.0.153"
]
},
{
"import_time": "2026-01-17T14:37:47.879631869Z",
"modified_time": "2026-01-17T14:35:40Z",
"sha256": "3b207ad3f7d81eba33baf0e73a6d084e6308205694118e0e8b53ca90db90975f",
"source": "ossf-package-analysis",
"versions": [
"1.0.156"
]
},
{
"import_time": "2026-01-17T14:37:47.398040166Z",
"modified_time": "2026-01-17T14:12:05Z",
"sha256": "7121d10eef1f9226847710eb3388f62c0310d73de9552c58596a0994e10da01d",
"source": "ossf-package-analysis",
"versions": [
"1.0.148"
]
},
{
"import_time": "2026-01-17T14:37:47.634244169Z",
"modified_time": "2026-01-17T14:25:31Z",
"sha256": "76ef12a4be844350e27684d971d144c87a6679860bc8b1506cfffaadbf29a90c",
"source": "ossf-package-analysis",
"versions": [
"1.0.151"
]
},
{
"import_time": "2026-01-17T14:37:47.515330671Z",
"modified_time": "2026-01-17T14:18:40Z",
"sha256": "84162e495460678d2235237f14d64beacd49479fd1d27f72c25e829433056aa5",
"source": "ossf-package-analysis",
"versions": [
"1.0.150"
]
},
{
"import_time": "2026-01-17T15:06:51.602599026Z",
"modified_time": "2026-01-17T15:00:33Z",
"sha256": "6ecac505af062b8b61b70cef2b6250fe606d4cb97223a1dfdc083e47f78340bd",
"source": "ossf-package-analysis",
"versions": [
"1.0.165"
]
},
{
"import_time": "2026-01-17T15:06:51.292859602Z",
"modified_time": "2026-01-17T14:42:41Z",
"sha256": "b69581a75bc5a3893fedda1a321909eeddf3a3bfc63e2a93cb602ed2256d6abd",
"source": "ossf-package-analysis",
"versions": [
"1.0.158"
]
},
{
"import_time": "2026-01-17T15:06:51.529596503Z",
"modified_time": "2026-01-17T14:57:15Z",
"sha256": "cff45ada73c4ab37d14e0723be4f58133493b62f10763ae0a8ba8e517982a152",
"source": "ossf-package-analysis",
"versions": [
"1.0.164"
]
},
{
"import_time": "2026-01-17T15:06:51.443745695Z",
"modified_time": "2026-01-17T14:50:37Z",
"sha256": "e9fb1231ae3cd53083313c683ab89e9a63cdaa8a14e486ae220008216b122b39",
"source": "ossf-package-analysis",
"versions": [
"1.0.161"
]
},
{
"import_time": "2026-01-17T15:06:51.650067753Z",
"modified_time": "2026-01-17T15:05:43Z",
"sha256": "ed4a798a170a22408bd3e00a02adeeaafde408a3cf29660c0e616c570c3788eb",
"source": "ossf-package-analysis",
"versions": [
"1.0.166"
]
},
{
"import_time": "2026-01-17T15:06:51.361446292Z",
"modified_time": "2026-01-17T14:47:47Z",
"sha256": "00371c7c4e0bf6131fc0622b400f207ea46dbc10d72777bcb034dc76b3d3c3a3",
"source": "ossf-package-analysis",
"versions": [
"1.0.159"
]
},
{
"import_time": "2026-01-17T15:36:57.228644421Z",
"modified_time": "2026-01-17T15:35:20Z",
"sha256": "16f849793fcc6285160d559fe65947314c6d7bb02d9922df54c923f0587414a1",
"source": "ossf-package-analysis",
"versions": [
"1.0.174"
]
},
{
"import_time": "2026-01-17T15:36:57.080282204Z",
"modified_time": "2026-01-17T15:30:45Z",
"sha256": "a7cf6c5926cd4e790090969f4518c41060affd67e9b7a240c73eadfe4fa51227",
"source": "ossf-package-analysis",
"versions": [
"1.0.173"
]
},
{
"import_time": "2026-01-17T15:36:56.961566461Z",
"modified_time": "2026-01-17T15:25:42Z",
"sha256": "d608aabe6b4b37ceb4898e7a37cd9fcda98fcc7d99784b17ba9521a9c1158826",
"source": "ossf-package-analysis",
"versions": [
"1.0.172"
]
},
{
"import_time": "2026-01-17T15:36:56.820096138Z",
"modified_time": "2026-01-17T15:23:04Z",
"sha256": "dee826515737ea7ded6cea7337849ccec95a9ce6a7850cce422cc2d5d2b4c39d",
"source": "ossf-package-analysis",
"versions": [
"1.0.171"
]
},
{
"import_time": "2026-01-17T16:07:02.841098656Z",
"modified_time": "2026-01-17T15:45:48Z",
"sha256": "1f54c3bd7d64dec032b8f5a6c4e1a985fede8fefd1e4244b8d5923da31db07a7",
"source": "ossf-package-analysis",
"versions": [
"1.0.177"
]
},
{
"import_time": "2026-01-17T16:07:02.933292785Z",
"modified_time": "2026-01-17T15:50:24Z",
"sha256": "73315c4a5483881966d3825794dd5d648fe5dd56ebc1e7768a94b6fa92fa57e5",
"source": "ossf-package-analysis",
"versions": [
"1.0.178"
]
},
{
"import_time": "2026-01-17T16:40:05.793286845Z",
"modified_time": "2026-01-17T16:25:27Z",
"sha256": "16856438f1c5bb6b230cb87e8903e6b603fbb6016ac85e9921557e9d70204e9f",
"source": "ossf-package-analysis",
"versions": [
"1.0.183"
]
},
{
"import_time": "2026-01-17T16:40:05.5339204Z",
"modified_time": "2026-01-17T16:20:37Z",
"sha256": "b19919b3c5e5ebb2432be9f256602e9a733e920f3d852a0322afb406819c425c",
"source": "ossf-package-analysis",
"versions": [
"1.0.181"
]
},
{
"import_time": "2026-01-17T16:40:05.66652417Z",
"modified_time": "2026-01-17T16:20:51Z",
"sha256": "fabd7b0c29859eb3373fc29ec60b7ae35129c10d27f07b7fd336f475afbb0aeb",
"source": "ossf-package-analysis",
"versions": [
"1.0.182"
]
},
{
"id": "GHSA-m8m9-h738-g5fh",
"import_time": "2026-01-19T01:53:37.789678792Z",
"modified_time": "2026-01-19T01:07:29Z",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"sha256": "cd2649bb4fa68be63a9cdca6eb598a2c9b756cdfbbf050c3fa915074bccb1e1d",
"source": "ghsa-malware"
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (cd2649bb4fa68be63a9cdca6eb598a2c9b756cdfbbf050c3fa915074bccb1e1d)\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.\n\n## Source: ossf-package-analysis (065613074af4477848f512912797945118719f8a78d11e96304c37e450569850)\nThe OpenSSF Package Analysis project identified \u0027admin10001\u0027 @ 1.0.107 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
"id": "MAL-2026-322",
"modified": "2026-01-19T01:55:13Z",
"published": "2026-01-16T13:51:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-m8m9-h738-g5fh"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in admin10001 (npm)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…