MAL-2025-5336

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/themeone-event/MAL-2025-5336.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2025-5336

Published

2025-07-01T09:02:53Z

Modified

2025-07-01T17:38:53Z

Summary

Malicious code in themeone-event (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (99c721c1b58b04b1fb75059cf2be632b4ee83a0ad12ce9579a60ad26c5f3b869)

The OpenSSF Package Analysis project identified 'themeone-event' @ 71.71.73 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-07-01T09:02:53Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-07-01T09:07:34.284304503Z",
            "sha256": "99c721c1b58b04b1fb75059cf2be632b4ee83a0ad12ce9579a60ad26c5f3b869",
            "versions": [
                "71.71.73"
            ]
        },
        {
            "modified_time": "2025-07-01T10:37:56Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-07-01T10:39:28.666133599Z",
            "sha256": "100b09a561254fb0f157a4867b643e9375e9c4cda4e24d0d837a18dbfd7ad533",
            "versions": [
                "71.71.78"
            ]
        },
        {
            "modified_time": "2025-07-01T10:18:01Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-07-01T10:39:28.454099332Z",
            "sha256": "ecc9c553326df9df2798a07933b18d01f62ce900e40c1f1f9edfe61187c549ab",
            "versions": [
                "71.71.75"
            ]
        },
        {
            "modified_time": "2025-07-01T16:51:16Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-07-01T17:05:53.443228516Z",
            "sha256": "1fb1424027e32d68391d72d86b9dda724af43c82a8cfaa5981d1b4ea5d0335b3",
            "versions": [
                "71.71.82"
            ]
        },
        {
            "modified_time": "2025-07-01T17:01:08Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-07-01T17:05:53.963011618Z",
            "sha256": "8d6dee85d07fb340c5885e5e5b3d2fc4e32f8734f67eba96d32a4cbcca7a9f93",
            "versions": [
                "71.71.84"
            ]
        },
        {
            "modified_time": "2025-07-01T17:13:32Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-07-01T17:38:24.087838405Z",
            "sha256": "4a3e727c970c42926bbd0c362a8893120167a43d053ca263720c1d4b77f26a01",
            "versions": [
                "71.71.86"
            ]
        }
    ]
}

References

Credits

- OpenSSF: Package Analysis - FINDER
- - https://github.com/ossf/package-analysis
  - https://openssf.slack.com/channels/package_analysis

Affected packages

npm / themeone-event

Package

Name: themeone-event; View open source insights on deps.dev
Purl: pkg:npm/themeone-event

Affected ranges

Affected versions

71.*

71.71.73

71.71.75

71.71.78

71.71.82

71.71.84

71.71.86