MAL-2025-2807
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@sas-dvr/nova-graph/MAL-2025-2807.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-2807
- Published
- 2025-03-31T04:50:58Z
- Modified
- 2025-04-28T05:47:09Z
- Summary
- Malicious code in @sas-dvr/nova-graph (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (2ee49dd296a0db13b0118e5424d00aac99ea70cc3664bba504af096916e31998)
The OpenSSF Package Analysis project identified '@sas-dvr/nova-graph' @ 132.0.0 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "a004b8a712912389bc963af6af6b686564a92b57ef85becf55191418b57951c2", "import_time": "2025-03-31T05:06:34.579685524Z", "versions": [ "1.0.0" ], "source": "ossf-package-analysis", "modified_time": "2025-03-31T04:50:58Z" }, { "sha256": "2ee49dd296a0db13b0118e5424d00aac99ea70cc3664bba504af096916e31998", "import_time": "2025-03-31T05:37:03.875380457Z", "versions": [ "132.0.0" ], "source": "ossf-package-analysis", "modified_time": "2025-03-31T05:11:26Z" }, { "sha256": "424f7049bb090d3a1c8bc12675b3cfc9d22df66357c06925d297a303df6e16c8", "import_time": "2025-04-25T09:36:17.681205753Z", "versions": [ "1.0.0", "132.0.0" ], "id": "RLMA-2025-02052", "source": "reversing-labs", "modified_time": "2025-04-23T15:39:24Z" } ] }- References
-
- Credits
-
-
- OpenSSF: Package Analysis - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
npm / @sas-dvr/nova-graph
Package
- Name
- @sas-dvr/nova-graph
- View open source insights on deps.dev
- Purl
- pkg:npm/%40sas-dvr/nova-graph