MAL-2025-191593

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/tailwind-state/MAL-2025-191593.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191593
Published
2025-12-01T13:26:43Z
Modified
2025-12-24T10:30:55.991337Z
Summary
Malicious code in tailwind-state (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (6a38d486faa9b2c50df466ad3d25dfa289548864c0fde19ad24d7da6421db683)

The package tailwind-state was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2025-12-02T09:09:54.952585114Z",
            "modified_time": "2025-12-01T13:26:43Z",
            "source": "reversing-labs",
            "sha256": "5e671748e7d42fab74c13b0a53a365a668e732f63ea4ae54b8bf31c2567d40a5",
            "id": "RLMA-2025-05959",
            "versions": [
                "1.0.3"
            ]
        },
        {
            "import_time": "2025-12-02T21:35:55.682191699Z",
            "modified_time": "2025-12-02T21:11:00Z",
            "source": "amazon-inspector",
            "sha256": "6a38d486faa9b2c50df466ad3d25dfa289548864c0fde19ad24d7da6421db683",
            "versions": [
                "1.0.3"
            ]
        },
        {
            "import_time": "2025-12-24T10:07:35.75780256Z",
            "modified_time": "2025-12-23T08:32:19Z",
            "source": "reversing-labs",
            "sha256": "299ea83f5e351b1ef1cc9dcafbf99ebf9a3aac57d8f2ee800de6f4ddfc7814ab",
            "id": "RLUA-2025-06509"
        }
    ]
}
References
Credits

Affected packages

npm / tailwind-state

Package

Name
tailwind-state
View open source insights on deps.dev
Purl
pkg:npm/tailwind-state

Affected ranges

Affected versions

1.*
1.0.3

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/tailwind-state/MAL-2025-191593.json"