MAL-2025-6814
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/horizon-ui-ng/MAL-2025-6814.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-6814
- Published
- 2025-08-08T12:55:54Z
- Modified
- 2025-08-18T06:10:43Z
- Summary
- Malicious code in horizon-ui-ng (npm)
- Details
-
The package communicates with a domain associated with malicious activity.
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (05025cfe461de95f60e8359c367b851181a07564256a7ce672e7c313007d0f87)
The OpenSSF Package Analysis project identified 'horizon-ui-ng' @ 99.9.17 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2025-08-09T05:06:34.072481776Z", "sha256": "05025cfe461de95f60e8359c367b851181a07564256a7ce672e7c313007d0f87", "source": "ossf-package-analysis", "modified_time": "2025-08-09T05:05:51Z", "versions": [ "99.9.17" ] }, { "import_time": "2025-08-09T06:43:11.636013702Z", "sha256": "2bf6fb87dfcbde5aea62711ac3c99b926091c08fc2d0b6ff74f6de1ae7b5717c", "source": "ossf-package-analysis", "modified_time": "2025-08-09T06:21:37Z", "versions": [ "99.9.20" ] }, { "import_time": "2025-08-09T07:35:19.691598527Z", "sha256": "556b8f351f03d71c0c4aa631c5613bda7770ac1026913e9214ead55de9fec42f", "source": "ossf-package-analysis", "modified_time": "2025-08-09T07:13:08Z", "versions": [ "99.9.24" ] }, { "import_time": "2025-08-09T06:43:11.746547871Z", "sha256": "a7a0a1e544bbc0bd87cafdb9ce9d302c035a6f248127c0e083c8c7b0c069b5a2", "source": "ossf-package-analysis", "modified_time": "2025-08-09T06:31:42Z", "versions": [ "99.9.22" ] }, { "import_time": "2025-08-09T06:08:04.385149239Z", "sha256": "d3ea5ccb286f0aa55cedd67dd33bb29c4b7b01eef9331d90cea0ad86bafbcbf1", "source": "ossf-package-analysis", "modified_time": "2025-08-09T05:49:45Z", "versions": [ "99.9.19" ] }, { "import_time": "2025-08-09T07:06:12.07047903Z", "sha256": "e9f78b51b36bd9aed8215325e6dab309a791b3ef8175a8bfe9deedc9507df0fa", "source": "ossf-package-analysis", "modified_time": "2025-08-09T06:48:36Z", "versions": [ "99.9.23" ] }, { "import_time": "2025-08-18T06:09:43.262004874Z", "sha256": "2639fb4a8ac9cdcd28d09b517cdbccc97cbdae8e9bb1f1ce9ed3e701ad94f37c", "source": "ossf-package-analysis", "modified_time": "2025-08-08T12:55:54Z", "versions": [ "99.9.10" ] }, { "import_time": "2025-08-18T06:09:43.70824595Z", "sha256": "85ce8a35b78263a1bccbd29909abc30bea7bc5713822a63eccd9c5ac203a9775", "source": "ossf-package-analysis", "modified_time": "2025-08-09T04:35:51Z", "versions": [ "99.9.16" ] } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / horizon-ui-ng
Package
- Name
- horizon-ui-ng
- View open source insights on deps.dev
- Purl
- pkg:npm/horizon-ui-ng