MAL-2025-6795

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/productboard-freemail/MAL-2025-6795.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-6795
Published
2025-08-06T06:16:06Z
Modified
2025-08-06T18:45:10Z
Summary
Malicious code in productboard-freemail (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (6a6e97fd17d98afb5fe43af9593d6e212069bdd9fcf008969bb1773d097e22b7)

The OpenSSF Package Analysis project identified 'productboard-freemail' @ 10086.0.1113 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1085.0.1113"
            ],
            "sha256": "0de7ae92335c9b0689677f684fe85921b255295307ffd4bab64abf3834379e99",
            "modified_time": "2025-08-06T06:20:53Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-06T06:46:11.428558498Z"
        },
        {
            "versions": [
                "100.0.1113"
            ],
            "sha256": "ef2f119983dacaecd15937366cf9b51730d779f17704f684402f80affda84dd4",
            "modified_time": "2025-08-06T06:16:06Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-06T06:46:11.340267161Z"
        },
        {
            "versions": [
                "10086.0.1113"
            ],
            "sha256": "6a6e97fd17d98afb5fe43af9593d6e212069bdd9fcf008969bb1773d097e22b7",
            "modified_time": "2025-08-06T17:34:25Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-06T17:39:51.875457921Z"
        },
        {
            "versions": [
                "10089.0.1113"
            ],
            "sha256": "e0dc6040748d651ef95decab5bf844f94e67f331b209fc6b71a339d7533b7ca7",
            "modified_time": "2025-08-06T17:55:47Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-06T18:08:55.767784431Z"
        },
        {
            "versions": [
                "11090.0.1113"
            ],
            "sha256": "4f8830d52fd5fe372c7fb81a142530d3275e942ba1231cdd98584095120346c0",
            "modified_time": "2025-08-06T18:21:02Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-06T18:44:46.940022485Z"
        },
        {
            "versions": [
                "11091.0.1113"
            ],
            "sha256": "98503f9059259327136d3ddbf9a9091c3bc2b4a1f6124975c5cc26c46ac8a4e8",
            "modified_time": "2025-08-06T18:25:59Z",
            "source": "ossf-package-analysis",
            "import_time": "2025-08-06T18:44:47.114352944Z"
        }
    ]
}
References
Credits

Affected packages

npm / productboard-freemail

Package

Name
productboard-freemail
View open source insights on deps.dev
Purl
pkg:npm/productboard-freemail

Affected ranges

Affected versions

100.*
100.0.1112
100.0.1113
1085.*
1085.0.1113
10086.*
10086.0.1113
10089.*
10089.0.1113
11090.*
11090.0.1113
11091.*
11091.0.1113

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/productboard-freemail/MAL-2025-6795.json"