MAL-2025-41254

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/orion-ui/MAL-2025-41254.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-41254
Published
2025-08-20T17:11:10Z
Modified
2025-08-22T07:35:11Z
Summary
Malicious code in orion-ui (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (d017f02da39bfb33285066e5d65476f32d57195efe73652d4659863fe7b0367c)

The OpenSSF Package Analysis project identified 'orion-ui' @ 9.2.3 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-08-20T17:11:10Z",
            "versions": [
                "9.2.2"
            ],
            "sha256": "7ac90e76b2fb70f69e55725454a984790ba0762e1aab99c071f5b67b3c985edd",
            "import_time": "2025-08-20T17:36:30.221786675Z",
            "source": "ossf-package-analysis"
        },
        {
            "modified_time": "2025-08-22T07:16:15Z",
            "versions": [
                "9.2.3"
            ],
            "sha256": "d017f02da39bfb33285066e5d65476f32d57195efe73652d4659863fe7b0367c",
            "import_time": "2025-08-22T07:34:46.061282563Z",
            "source": "ossf-package-analysis"
        }
    ]
}
References
Credits

Affected packages

npm / orion-ui

Package

Affected ranges

Affected versions

9.*
9.1.1
9.1.2
9.2.2
9.2.3

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/orion-ui/MAL-2025-41254.json"