MAL-2025-47027

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/prebid-universal-creative/MAL-2025-47027.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-47027

Published

2025-09-11T03:58:52Z

Modified

2025-09-11T03:58:52Z

Summary

Malicious code in prebid-universal-creative (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (28a458913f2a945444606a3dd030b993b23a6388274a01a2ecdea26478e1b1d9)

This package was compromised and malicious code added as part of a phishing campaign.

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2025-09-11T03:59:18.960928Z",
            "source": "google-open-source-security",
            "versions": [
                "1.17.3"
            ],
            "modified_time": "2025-09-11T03:58:52Z",
            "sha256": "28a458913f2a945444606a3dd030b993b23a6388274a01a2ecdea26478e1b1d9"
        }
    ]
}

References

Affected packages

npm / prebid-universal-creative

Package

Name: prebid-universal-creative; View open source insights on deps.dev
Purl: pkg:npm/prebid-universal-creative

Affected ranges

Affected versions

1.*

1.17.3

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/prebid-universal-creative/MAL-2025-47027.json"