ossf · awsactran · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025
diff --git a/osv/malicious/npm/@custom-widget/sdk/MAL-0000-custom-widget-sdk.json b/osv/malicious/npm/@custom-widget/sdk/MAL-0000-custom-widget-sdk.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T03:28:23Z",
+  "published": "2025-10-17T03:28:23Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @custom-widget/sdk (npm)",
+  "details": "The package @custom-widget/sdk was found to contain malicious code.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@custom-widget/sdk"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}
diff --git a/osv/malicious/npm/@evo-tech/backoffice-test-api/MAL-2025-48289.json b/osv/malicious/npm/@evo-tech/backoffice-test-api/MAL-2025-48289.json
@@ -35,6 +35,15 @@
       }
     }
   ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -62,4 +71,4 @@
       }
     ]
   }
-}
+}
diff --git a/osv/malicious/npm/@gala-analytics/core/MAL-0000-gala-analytics-core.json b/osv/malicious/npm/@gala-analytics/core/MAL-0000-gala-analytics-core.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T03:28:23Z",
+  "published": "2025-10-17T03:28:23Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @gala-analytics/core (npm)",
+  "details": "The package @gala-analytics/core was found to contain malicious code.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@gala-analytics/core"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}
diff --git a/...alicious/npm/@gtpn/eslint-config-progressive/MAL-0000-gtpn-eslint-config-progressive.json b/...alicious/npm/@gtpn/eslint-config-progressive/MAL-0000-gtpn-eslint-config-progressive.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T03:28:23Z",
+  "published": "2025-10-17T03:28:23Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @gtpn/eslint-config-progressive (npm)",
+  "details": "The package @gtpn/eslint-config-progressive was found to contain malicious code.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@gtpn/eslint-config-progressive"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}
diff --git a/osv/malicious/npm/@hotels-at-home/hah-fe-core/MAL-0000-hotels-at-home-hah-fe-core.json b/osv/malicious/npm/@hotels-at-home/hah-fe-core/MAL-0000-hotels-at-home-hah-fe-core.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T03:28:23Z",
+  "published": "2025-10-17T03:28:23Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @hotels-at-home/hah-fe-core (npm)",
+  "details": "The package @hotels-at-home/hah-fe-core was found to contain malicious code.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@hotels-at-home/hah-fe-core"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}
diff --git a/...ute-of-data-management/n11-chatbot/MAL-0000-institute-of-data-management-n11-chatbot.json b/...ute-of-data-management/n11-chatbot/MAL-0000-institute-of-data-management-n11-chatbot.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T15:45:22Z",
+  "published": "2025-10-17T15:45:22Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @institute-of-data-management/n11-chatbot (npm)",
+  "details": "The package communicates with a domain associated with malicious activity.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@institute-of-data-management/n11-chatbot"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "1.0.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}
diff --git a/osv/malicious/npm/@naviance/translation-client/MAL-0000-naviance-translation-client.json b/osv/malicious/npm/@naviance/translation-client/MAL-0000-naviance-translation-client.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T03:28:23Z",
+  "published": "2025-10-17T03:28:23Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @naviance/translation-client (npm)",
+  "details": "The package @naviance/translation-client was found to contain malicious code.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@naviance/translation-client"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}
diff --git a/osv/malicious/npm/@nunes_nunes/loader-base/MAL-0000-nunes_nunes-loader-base.json b/osv/malicious/npm/@nunes_nunes/loader-base/MAL-0000-nunes_nunes-loader-base.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T03:26:41Z",
+  "published": "2025-10-17T03:26:41Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @nunes_nunes/loader-base (npm)",
+  "details": "The package communicates with a domain associated with malicious activity.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@nunes_nunes/loader-base"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0.1.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}
diff --git a/osv/malicious/npm/@sudt-faucet/commons/MAL-0000-sudt-faucet-commons.json b/osv/malicious/npm/@sudt-faucet/commons/MAL-0000-sudt-faucet-commons.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T03:28:23Z",
+  "published": "2025-10-17T03:28:23Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @sudt-faucet/commons (npm)",
+  "details": "The package @sudt-faucet/commons was found to contain malicious code.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@sudt-faucet/commons"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}
diff --git a/osv/malicious/npm/@taskrabbit/meadow-web/MAL-0000-taskrabbit-meadow-web.json b/osv/malicious/npm/@taskrabbit/meadow-web/MAL-0000-taskrabbit-meadow-web.json
@@ -0,0 +1,38 @@
+{
+  "modified": "2025-10-17T03:28:23Z",
+  "published": "2025-10-17T03:28:23Z",
+  "schema_version": "1.5.0",
+  "id": "",
+  "summary": "Malicious code in @taskrabbit/meadow-web (npm)",
+  "details": "The package @taskrabbit/meadow-web was found to contain malicious code.",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@taskrabbit/meadow-web"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "Amazon Inspector",
+      "type": "FINDER",
+      "contact": [
+        "[email protected]"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": null
+  }
+}