Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-004325

sonatype-2025-004325

Malicious Packages - Tue Oct 28 2025 [Info Stealer/Host Data]

Published Oct 29, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-191589.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-191590.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-191591.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-191592.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-191598.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49280.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-66550.json

CVSS ScoreMedium

5.3

Ecosystem	Package	Version


npm	@qwant-internal/datahub-logger	3.1.1
npm	add-to-cart-web	99.0.0
npm	ads-dsp-lite-components	99.0.0
npm	ads-skeleton	99.0.0
npm	advertising-banners-frontend	99.0.0
npm	advertising-breadcrumb	99.0.0
npm	bcp-security-package-update	0.0.1-security
npm	bcp-security-package-update	1.0.0
npm	bcp-security-package-update	1.0.1
npm	bcp-security-package-update	1.0.2
npm	bcp-security-package-update	1.0.3
npm	bcp-security-package-update	1.0.4
npm	bcp-security-package-update	1.0.5
npm	bcp-security-package-update	1.0.6
npm	circuit-foundation-test	10.0.1
npm	op-frontend-commons	99.0.0
npm	sevilla-test-package	99.0.0
npm	sevilla-test-pkg	99.0.0
npm	szsec-info-report	1.0.0
npm	szsec-infos-report	0.0.1-security
npm	szsec-infos-report	1.0.0
npm	szsec-infos-report	2.0.1
npm	szsec-infos-report-wh1sper	2.0.0
npm	szsec-infos-report-wh1sper	2.0.1
npm	szsec-infos-report-wh1sper	2.1.1
npm	szsec-infos-report-wh1sper	3.0.1
npm	szsec-infos-report-wh2sper	1.0.0
npm	szsec-infoss-report	1.0.0
npm	test-dependency-confusion-g3ksec	99.0.0
npm	test881	1.0.0-poc
npm	verdi-chat-library	99.0.0

sonatype-2025-004325 | Components Impacted | Sonatype Guide | Sonatype Guide