MAL-2026-3328
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/pocpoc2626/MAL-2026-3328.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-3328
- Published
- 2026-05-04T16:36:10Z
- Modified
- 2026-05-12T07:57:38.189383Z
- Summary
- Malicious code in pocpoc2626 (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (4a43e5357592b2bbbe0c68be3960ac829ab988a15b57d63df5ab954c9d0b5b09)
The package pocpoc2626 was found to contain malicious code.
Source: ossf-package-analysis (0176ec0fde390432553ec3dffa91438e5e923d23549ef4b836bc91de5259a21d)
The OpenSSF Package Analysis project identified 'pocpoc2626' @ 99.99.9998 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2026-05-04T16:39:00.308413379Z", "versions": [ "99.99.9998" ], "sha256": "0176ec0fde390432553ec3dffa91438e5e923d23549ef4b836bc91de5259a21d", "modified_time": "2026-05-04T16:36:10Z", "source": "ossf-package-analysis" }, { "import_time": "2026-05-04T17:36:20.402188861Z", "versions": [ "100.0.5" ], "sha256": "b4744f62b321959f843350974284f2a501ea2e1e80c5ca0d9a2affd0f620b9c4", "modified_time": "2026-05-04T17:05:53Z", "source": "ossf-package-analysis" }, { "import_time": "2026-05-12T07:28:50.997599382Z", "versions": [ "99.99.9998", "100.0.5" ], "sha256": "4a43e5357592b2bbbe0c68be3960ac829ab988a15b57d63df5ab954c9d0b5b09", "modified_time": "2026-05-12T06:53:21Z", "source": "amazon-inspector" } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / pocpoc2626
Package
- Name
- pocpoc2626
- View open source insights on deps.dev
- Purl
- pkg:npm/pocpoc2626