MAL-2025-41572

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/graphkitx/MAL-2025-41572.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-41572

Published

2025-08-28T07:29:57Z

Modified

2026-04-16T15:55:13.121185Z

Summary

Malicious code in graphkitx (npm)

Details

-= Per source details. Do not edit below this line.=-

Database specific

{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2025-04548",
            "sha256": "4bab0b12e99a9b231eeb18b9b3cd476a1727f040b5d02535559b8d3d0c28258f",
            "import_time": "2025-08-29T06:42:23.974900697Z",
            "source": "reversing-labs",
            "modified_time": "2025-08-28T07:29:57Z",
            "versions": [
                "2.0.0",
                "2.1.0"
            ]
        },
        {
            "id": "RLUA-2026-01961",
            "sha256": "abeaef3781404f150f6fc6d94af571dd6039d107cf775b6b390b5fde065de496",
            "import_time": "2026-04-16T15:39:29.322562515Z",
            "source": "reversing-labs",
            "modified_time": "2026-04-16T09:59:26Z"
        }
    ]
}

References

https://www.reversinglabs.com/blog/inside-graphalgo

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / graphkitx

Package

Name: graphkitx; View open source insights on deps.dev
Purl: pkg:npm/graphkitx

Affected ranges

Affected versions

2.*

2.0.0

2.1.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/graphkitx/MAL-2025-41572.json"