MAL-2026-2791

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/payments-ui/MAL-2026-2791.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-2791

Published

2026-04-16T10:10:48Z

Modified

2026-04-23T21:17:02.859235Z

Summary

Malicious code in payments-ui (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (d7d60194dba5c153d113a55d518be295628ca3a4e031ac30cf5200eb4386c7c8)

The package payments-ui was found to contain malicious code.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-04-16T10:10:48Z",
            "versions": [
                "99.9.9"
            ],
            "sha256": "8705b888035f3b2e85bbc486b7556c74f31e689a330cbc80fc8d154f7b72c324",
            "id": "RLMA-2026-02019",
            "source": "reversing-labs",
            "import_time": "2026-04-16T15:39:15.306944588Z"
        },
        {
            "modified_time": "2026-04-23T20:43:56Z",
            "versions": [
                "99.9.9"
            ],
            "sha256": "d7d60194dba5c153d113a55d518be295628ca3a4e031ac30cf5200eb4386c7c8",
            "source": "amazon-inspector",
            "import_time": "2026-04-23T20:49:10.264934178Z"
        }
    ]
}

References

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com
- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

npm / payments-ui

Package

Name: payments-ui; View open source insights on deps.dev
Purl: pkg:npm/payments-ui

Affected ranges

Affected versions

99.*

99.9.9

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/payments-ui/MAL-2026-2791.json"