MAL-2025-192809

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/jsonauth/MAL-2025-192809.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-192809
Aliases
  • SNYK-JS-JSONAUTH-14152266
Published
2025-12-23T08:17:51Z
Modified
2026-03-19T12:45:14.724183Z
Summary
Malicious code in jsonauth (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (6e3fccdac696d746d016d5baa43d1ccd9475daced2fe66c37adb172f91a78c68)

The package jsonauth was found to contain malicious code.

Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-12-23T08:17:51Z",
            "import_time": "2025-12-24T10:07:23.868427374Z",
            "sha256": "b2e15ac6855d8cfed97e7774f58a71cfa204f0ef1da5d7c8956261b991a83e73",
            "versions": [
                "7.2.7"
            ],
            "source": "reversing-labs",
            "id": "RLMA-2025-06375"
        },
        {
            "modified_time": "2026-01-02T21:29:26Z",
            "import_time": "2026-01-02T21:35:51.881132798Z",
            "sha256": "6e3fccdac696d746d016d5baa43d1ccd9475daced2fe66c37adb172f91a78c68",
            "versions": [
                "7.2.7"
            ],
            "source": "amazon-inspector"
        },
        {
            "modified_time": "2026-03-18T12:55:57Z",
            "import_time": "2026-03-19T12:20:55.04291627Z",
            "sha256": "93c7d2298ad4d2edebf784691fb20536f2cb3985befe246bb26409bee2e201ba",
            "source": "reversing-labs",
            "id": "RLUA-2026-01372"
        }
    ]
}
References
Credits

Affected packages

npm / jsonauth

Package

Name
jsonauth
View open source insights on deps.dev
Purl
pkg:npm/jsonauth

Affected ranges

Affected versions

7.*
7.2.7

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/jsonauth/MAL-2025-192809.json"