MAL-2025-4930

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/os-apps-ui-curvelibrary/MAL-2025-4930.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-4930

Published

2025-06-12T01:20:49Z

Modified

2025-07-10T14:07:19Z

Summary

Malicious code in os-apps-ui-curvelibrary (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (0119e0d30c93e83b68f00c9ab5d2f00f90d631cf3e692cab103e99c3ca6331b5)

The OpenSSF Package Analysis project identified 'os-apps-ui-curvelibrary' @ 11.1.20 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Database specific

{
    "malicious-packages-origins": [
        {
            "import_time": "2025-06-12T01:33:45.64116984Z",
            "modified_time": "2025-06-12T01:30:49Z",
            "source": "ossf-package-analysis",
            "versions": [
                "10.2.5"
            ],
            "sha256": "18aeea2d76067c75f66911c729810dc0b7746e1bd14e53300f2a5c07649999b3"
        },
        {
            "import_time": "2025-06-12T01:33:45.721353361Z",
            "modified_time": "2025-06-12T01:32:41Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.2"
            ],
            "sha256": "1dd4447ad1f181e36adef3ae1a6e1b5e32831049e46f1fc66ae541ed4c33f2b7"
        },
        {
            "import_time": "2025-06-12T01:33:45.475000276Z",
            "modified_time": "2025-06-12T01:25:45Z",
            "source": "ossf-package-analysis",
            "versions": [
                "10.1.2"
            ],
            "sha256": "cb13fa21c92df5dc4aa68fb0c62d193a503a8628661615402120e0cd87f6ee5b"
        },
        {
            "import_time": "2025-06-12T01:33:45.566976879Z",
            "modified_time": "2025-06-12T01:29:25Z",
            "source": "ossf-package-analysis",
            "versions": [
                "10.2.4"
            ],
            "sha256": "e690808594ef799c65a7be74d82d506a26672108051fff5ed5894cd3e8037569"
        },
        {
            "import_time": "2025-06-12T02:35:39.359373242Z",
            "modified_time": "2025-06-12T02:10:59Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.9"
            ],
            "sha256": "018acaf194e627f73c054cc6654ebb956cd3026deb890d2450416c2881231eb7"
        },
        {
            "import_time": "2025-06-12T03:26:21.808599582Z",
            "modified_time": "2025-06-12T02:55:05Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.20"
            ],
            "sha256": "0119e0d30c93e83b68f00c9ab5d2f00f90d631cf3e692cab103e99c3ca6331b5"
        },
        {
            "import_time": "2025-06-12T03:26:21.736563709Z",
            "modified_time": "2025-06-12T02:51:47Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.19"
            ],
            "sha256": "2b45b51e2a10be06999646f630ada895856368e9058f5e63e72caa26cc247c48"
        },
        {
            "import_time": "2025-06-12T03:26:21.874635516Z",
            "modified_time": "2025-06-12T03:00:27Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.21"
            ],
            "sha256": "43d0d1b6d4d24ee58e12cccd0b8136ba552e7658302bed48539f89ced8377c0a"
        },
        {
            "import_time": "2025-06-12T03:26:21.64845605Z",
            "modified_time": "2025-06-12T02:36:01Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.16"
            ],
            "sha256": "ba1cc7920212327c3d8dc1c712ce5830eb0af7407d6a689d0f6ca5659b831dcb"
        },
        {
            "import_time": "2025-06-12T04:10:28.999475496Z",
            "modified_time": "2025-06-12T04:05:34Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.17"
            ],
            "sha256": "51cf733ce35ef8461d285eaeab58deb5e4fdb9bafa9167b92f8805ed1ac86a87"
        },
        {
            "import_time": "2025-06-16T07:36:34.933118189Z",
            "modified_time": "2025-06-12T01:51:08Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.5"
            ],
            "sha256": "21483738c60929e06f7b07deddd58e393fadfcec9704ffaf43f658ef3ad58234"
        },
        {
            "import_time": "2025-06-16T07:36:34.818433816Z",
            "modified_time": "2025-06-12T01:45:49Z",
            "source": "ossf-package-analysis",
            "versions": [
                "11.1.4"
            ],
            "sha256": "c73c691b8497cd42319b540c03c023e07529e097c894e279b327fe5a5ed0331e"
        },
        {
            "import_time": "2025-06-16T07:36:34.733077188Z",
            "modified_time": "2025-06-12T01:20:49Z",
            "source": "ossf-package-analysis",
            "versions": [
                "9.9.9"
            ],
            "sha256": "f389099d7857ab5d8a87f8b21821724803b50fc5b382dcd92bbeb025a1e0c424"
        },
        {
            "import_time": "2025-07-10T14:07:01.520400201Z",
            "modified_time": "2025-07-10T14:05:49Z",
            "source": "ossf-package-analysis",
            "versions": [
                "99.0.3"
            ],
            "sha256": "9ebf76aa00e867610d92f878a90addb3aeafa0042e52aecd867234a5b12f1cfd"
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / os-apps-ui-curvelibrary

Package

Name: os-apps-ui-curvelibrary; View open source insights on deps.dev
Purl: pkg:npm/os-apps-ui-curvelibrary

Affected ranges

Affected versions

9.*

9.9.9

10.*

10.1.2

10.2.4

10.2.5

11.*

11.1.2

11.1.4

11.1.5

11.1.9

11.1.16

11.1.17

11.1.19

11.1.20

11.1.21

99.*

99.0.3