MAL-2026-975
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/azure-postgresql-auth/MAL-2026-975.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-975
- Published
- 2026-02-20T17:55:01Z
- Modified
- 2026-03-23T04:54:03.441254Z
- Summary
- Malicious code in azure-postgresql-auth (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (1bed0aaccd7198eac8f4076c1eec5f143ae28bdcfa8bbf990a62ff7c65411707)
The package azure-postgresql-auth was found to contain malicious code.
Source: ossf-package-analysis (be7f24978016372ab2ca69037192e7d72ccf40ae30e8d90a2368cb8653eeb9ab)
The OpenSSF Package Analysis project identified 'azure-postgresql-auth' @ 1.1.4 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "be7f24978016372ab2ca69037192e7d72ccf40ae30e8d90a2368cb8653eeb9ab", "source": "ossf-package-analysis", "modified_time": "2026-02-20T18:10:54Z", "import_time": "2026-02-20T18:17:31.488007838Z", "versions": [ "1.1.4" ] }, { "sha256": "f3892d6e7397bb7b011541622d372ec313c0d5997366f67e9ffadc7fb082da19", "source": "ossf-package-analysis", "modified_time": "2026-02-20T17:55:01Z", "import_time": "2026-02-20T18:17:31.380041147Z", "versions": [ "1.1.2" ] }, { "sha256": "1bed0aaccd7198eac8f4076c1eec5f143ae28bdcfa8bbf990a62ff7c65411707", "source": "amazon-inspector", "modified_time": "2026-02-23T03:51:30Z", "import_time": "2026-02-23T04:19:45.214865072Z", "versions": [ "1.1.4", "1.1.2" ] } ] }- References
-
- Credits
-
-
- Amazon Inspector - FINDER
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / azure-postgresql-auth
Package
- Name
- azure-postgresql-auth
- View open source insights on deps.dev
- Purl
- pkg:npm/azure-postgresql-auth