MAL-2025-32206

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rhynpm/MAL-2025-32206.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-32206
Aliases
  • GHSA-5jr8-4283-75xm
Published
2025-08-14T18:52:04Z
Modified
2026-07-15T21:49:34.581394663Z
Summary
Malicious code in rhynpm (npm)
Details

The package rhynpm was found to contain malicious code.


-= Per source details. Do not edit below this line.=-

Source: ghsa-malware (32a726fb973a63bc1df07539cc817c5ded4ff281cd76ba9b7193b154578ad938)

The package rhynpm was found to contain malicious code.


Credit: OpenSSF (source)

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "versions": [
                "1.0.0",
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4"
            ],
            "sha256": "da25c3c579bc2c0b09f42da60ce04f054b1f7b25b401282f1ca9b3a0d44d5d21",
            "id": "RLMA-2025-04670",
            "modified_time": "2025-08-28T07:38:52Z",
            "import_time": "2025-08-29T06:42:35.044717348Z"
        },
        {
            "id": "GHSA-5jr8-4283-75xm",
            "versions": [
                "1.0.4",
                "1.0.3",
                "1.0.2",
                "1.0.1",
                "1.0.0"
            ],
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0.0.1-0"
                        }
                    ],
                    "type": "SEMVER"
                }
            ],
            "modified_time": "2026-07-15T21:01:17Z",
            "source": "ghsa-malware",
            "sha256": "32a726fb973a63bc1df07539cc817c5ded4ff281cd76ba9b7193b154578ad938",
            "import_time": "2026-07-15T21:34:23.194444309Z"
        }
    ]
}
References
Credits

Affected packages

npm / rhynpm

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Type
SEMVER
Events
Introduced
0.0.1-0

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4

Database specific

cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rhynpm/MAL-2025-32206.json"