MAL-2026-1833

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rce-pkg-1/MAL-2026-1833.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-1833

Published

2026-03-18T13:05:52Z

Modified

2026-03-23T05:45:21.065665Z

Summary

Malicious code in rce-pkg-1 (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (00722c1eda950154ab61163515f1ee91bd18cd2be33793e0bf446884abc30771)

The package rce-pkg-1 was found to contain malicious code.

Database specific

{
    "malicious-packages-origins": [
        {
            "source": "reversing-labs",
            "id": "RLMA-2026-01520",
            "versions": [
                "1.0.0",
                "1.1.0"
            ],
            "import_time": "2026-03-19T12:19:08.258018291Z",
            "modified_time": "2026-03-18T13:05:52Z",
            "sha256": "63e13fc42a58e54d7d2d6d7b2fe38afbae439df222e1457e6cba1fbca35e3755"
        },
        {
            "source": "amazon-inspector",
            "versions": [
                "1.0.0",
                "1.1.0"
            ],
            "import_time": "2026-03-23T05:14:01.328526735Z",
            "modified_time": "2026-03-23T05:11:41Z",
            "sha256": "00722c1eda950154ab61163515f1ee91bd18cd2be33793e0bf446884abc30771"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / rce-pkg-1

Package

Name: rce-pkg-1; View open source insights on deps.dev
Purl: pkg:npm/rce-pkg-1

Affected ranges

Affected versions

1.*

1.0.0

1.1.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rce-pkg-1/MAL-2026-1833.json"