MAL-2026-2366

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ghost-module/MAL-2026-2366.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-2366

Published

2026-03-24T15:47:13Z

Modified

2026-04-07T14:53:59.550686Z

Summary

Malicious code in ghost-module (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (67b6330e4cf0d3fdd5e5809026b2bf763eb9e40677d38cca3a39af3a079d265f)

The package ghost-module was found to contain malicious code.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-03-24T15:47:13Z",
            "versions": [
                "99.0.0"
            ],
            "sha256": "de2bf5fcae31b0deb78a07adda9b24c41706d65206f4ee70ec1a33e16db178e9",
            "id": "RLMA-2026-01766",
            "source": "reversing-labs",
            "import_time": "2026-04-01T12:26:08.786462953Z"
        },
        {
            "modified_time": "2026-04-07T14:24:50Z",
            "versions": [
                "99.0.0"
            ],
            "sha256": "67b6330e4cf0d3fdd5e5809026b2bf763eb9e40677d38cca3a39af3a079d265f",
            "source": "amazon-inspector",
            "import_time": "2026-04-07T14:39:19.956477156Z"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / ghost-module

Package

Name: ghost-module; View open source insights on deps.dev
Purl: pkg:npm/ghost-module

Affected ranges

Affected versions

99.*

99.0.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/ghost-module/MAL-2026-2366.json"