MAL-2026-615

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/teaser-nav/MAL-2026-615.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-615
Published
2026-01-31T13:35:28Z
Modified
2026-04-17T03:19:20.186705Z
Summary
Malicious code in teaser-nav (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (ebbd539070b3d1fb400c41280034565422204c7bf4047b965f596d56245c345e)

The package teaser-nav was found to contain malicious code.

Source: ossf-package-analysis (a69a1eb66a07b01f32627423563ed7bc97bc812e3200683025443248488be970)

The OpenSSF Package Analysis project identified 'teaser-nav' @ 19.9.5 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "19.9.5"
            ],
            "sha256": "a69a1eb66a07b01f32627423563ed7bc97bc812e3200683025443248488be970",
            "modified_time": "2026-01-31T13:35:28Z",
            "source": "ossf-package-analysis",
            "import_time": "2026-01-31T13:47:15.554914835Z"
        },
        {
            "versions": [
                "19.9.5"
            ],
            "sha256": "ebbd539070b3d1fb400c41280034565422204c7bf4047b965f596d56245c345e",
            "modified_time": "2026-02-02T05:19:43Z",
            "source": "amazon-inspector",
            "import_time": "2026-02-02T05:54:41.276260239Z"
        },
        {
            "versions": [
                "99.1.1"
            ],
            "sha256": "91b4885b1f71547f011bf3e314dda5939bc8e8d1162630041f540aa18fc06c37",
            "modified_time": "2026-04-17T01:40:57Z",
            "source": "ossf-package-analysis",
            "import_time": "2026-04-17T03:10:21.402029659Z"
        }
    ]
}
References
Credits

Affected packages

npm / teaser-nav

Package

Affected ranges

Affected versions

19.*
19.9.5
99.*
99.1.1

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/teaser-nav/MAL-2026-615.json"