MAL-2026-3361

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/24712-pl5004/MAL-2026-3361.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3361
Published
2026-05-06T22:30:34Z
Modified
2026-05-12T07:53:42.603768Z
Summary
Malicious code in 24712-pl5004 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (3d79bb37b62b8d47ca459db0858a93ffb3c35e3791423c11a0853fb4ab17388e)

The package 24712-pl5004 was found to contain malicious code.

Source: ossf-package-analysis (d795dd6b3bd9d223cd7fe9b27d62dfbf0341cfc6466201180d288d846aff5cb9)

The OpenSSF Package Analysis project identified '24712-pl5004' @ 0.0.1 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "d795dd6b3bd9d223cd7fe9b27d62dfbf0341cfc6466201180d288d846aff5cb9",
            "import_time": "2026-05-06T22:48:52.611166894Z",
            "source": "ossf-package-analysis",
            "modified_time": "2026-05-06T22:30:34Z",
            "versions": [
                "0.0.1"
            ]
        },
        {
            "sha256": "3d79bb37b62b8d47ca459db0858a93ffb3c35e3791423c11a0853fb4ab17388e",
            "import_time": "2026-05-12T07:28:50.205961506Z",
            "source": "amazon-inspector",
            "modified_time": "2026-05-12T06:53:21Z",
            "versions": [
                "0.0.1"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / 24712-pl5004

Package

Name
24712-pl5004
View open source insights on deps.dev
Purl
pkg:npm/24712-pl5004

Affected ranges

Affected versions

0.*
0.0.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/24712-pl5004/MAL-2026-3361.json"