MAL-2026-3804

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bui-react-10components/MAL-2026-3804.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3804
Published
2026-05-16T09:16:46Z
Modified
2026-05-19T18:02:19.475212455Z
Summary
Malicious code in bui-react-10components (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (3fd97accb94b52913accc33671fd34134afa96fd92bc09e5d0c440eef9b1a8c6)

The package bui-react-10components was found to contain malicious code.

Source: ossf-package-analysis (3e296c32203cc05a9f9f2bffa6082ce019d829da2e53e83034754179dc0e17d9)

The OpenSSF Package Analysis project identified 'bui-react-10components' @ 99.0.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "source": "ossf-package-analysis",
            "import_time": "2026-05-16T10:01:30.383651947Z",
            "sha256": "3e296c32203cc05a9f9f2bffa6082ce019d829da2e53e83034754179dc0e17d9",
            "modified_time": "2026-05-16T09:16:46Z",
            "versions": [
                "99.0.0"
            ]
        },
        {
            "source": "amazon-inspector",
            "import_time": "2026-05-19T17:50:21.616589227Z",
            "sha256": "3fd97accb94b52913accc33671fd34134afa96fd92bc09e5d0c440eef9b1a8c6",
            "modified_time": "2026-05-19T16:47:48Z",
            "versions": [
                "99.0.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / bui-react-10components

Package

Name
bui-react-10components
View open source insights on deps.dev
Purl
pkg:npm/bui-react-10components

Affected ranges

Affected versions

99.*
99.0.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bui-react-10components/MAL-2026-3804.json"