MAL-2025-190492

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/worldskills/MAL-2025-190492.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-190492

Published

2025-11-13T17:54:50Z

Modified

2025-11-13T17:54:50Z

Summary

Malicious code in worldskills (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (d245ace818f9e6d4526355bd80129354c139dd0b991e6df6ee6211df41110352)

The package worldskills was found to contain malicious code.

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "d245ace818f9e6d4526355bd80129354c139dd0b991e6df6ee6211df41110352",
            "source": "amazon-inspector",
            "modified_time": "2025-11-13T17:54:50Z",
            "versions": [
                "1.0.6"
            ],
            "import_time": "2025-11-13T18:08:39.038792789Z"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com

Affected packages

npm / worldskills

Package

Name: worldskills; View open source insights on deps.dev
Purl: pkg:npm/worldskills

Affected ranges

Affected versions

1.*

1.0.6

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/worldskills/MAL-2025-190492.json"