Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2025-004344
sonatype-2025-004344
Malicious Packages with Private Dependencies (PhantomRaven)
Published Oct 29, 2025
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2023-8027.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2024-1033.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2024-12090.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2024-2393.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2024-7783.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-14184.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-14186.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-14188.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-14189.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-14192.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-14193.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-14196.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-17032.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-17150.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-1826.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-19031.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-19830.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-20277.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-21707.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-2541.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-31763.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-34288.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-37409.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-37410.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-38654.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-38656.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39896.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39897.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39898.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39900.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39901.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39904.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39908.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39910.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-39911.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-42032.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-42049.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-42050.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-42055.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-42057.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-42086.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-42116.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47011.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47012.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47014.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47017.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47018.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47020.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47021.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47022.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47335.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47354.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47576.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47577.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47583.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-47599.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-48773.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-48774.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-48775.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-48776.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-48777.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-48781.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-48984.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49004.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49021.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49027.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49032.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49040.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49063.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49067.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49068.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49071.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49072.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49073.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49074.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49075.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49076.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49098.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49099.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-6412.json
https://www.bleepingcomputer.com/news/security/phantomraven-attack-floods-npm-with-credential-stealing-packages/
https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies
CVSS Score
High
7.1
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
@acme-types/acme-package
0.0.1-security
npm
@acme-types/acme-package
99.0.0
npm
@aio-commerce-sdk/config-tsdown
0.0.1-security.0
npm
@aio-commerce-sdk/config-tsdown
1.0.0
npm
@aio-commerce-sdk/config-typedoc
0.0.1-security.0
npm
@aio-commerce-sdk/config-typedoc
1.0.0
npm
@aio-commerce-sdk/config-typescript
0.0.1-security.0
npm
@aio-commerce-sdk/config-typescript
1.0.0
npm
@aio-commerce-sdk/config-vitest
0.0.1-security.0
npm
@aio-commerce-sdk/config-vitest
1.0.0
npm
@amazon-bedrock-agents-healthcare-lifesciences/docs
0.0.1
npm
@apache-felix/felix-antora-ui
0.0.1-security
npm
@apache-felix/felix-antora-ui
0.3.0
npm
@apache-netbeans/netbeans-antora-ui
0.0.1-security
npm
@apache-netbeans/netbeans-antora-ui
0.3.0
npm
@apachesling/slingpackager
1.0.0
npm
@apachesling/slingpackager
99.0.0
npm
@apachesling/slingpost
1.0.0
npm
@apachesling/slingpost
99.0.0
npm
@dealmgmt/grid
1.0.0
npm
@decentraland-gatsby/intl
0.3.0
npm
@discord-external/activity-iframe-sdk
2.3.2
npm
@dtpk-cc/components
1.0.0
npm
@exarad/verfuegbarkeitspruefung-vue2
1.0.0
npm
@foryjs/fory
1.0.0
npm
@foryjs/fory
99.0.0
npm
@foryjs/hps
1.0.0
npm
@foryjs/hps
99.0.0
npm
@gitlab-lsp/pkg-1
0.0.1-security
npm
@gitlab-lsp/pkg-1
0.3.0
npm
@gitlab-lsp/pkg-2
0.0.1-security
npm
@gitlab-lsp/pkg-2
0.3.0
npm
@gitlab-lsp/workflow-api
0.0.1-security
npm
@gitlab-lsp/workflow-api
0.3.0
npm
@gitlab-test/bun-v1
0.0.1-security
npm
@gitlab-test/bun-v1
0.3.0
npm
@gitlab-test/npm-v10
0.0.1-security
npm
@gitlab-test/npm-v10
0.3.0
npm
@gitlab-test/pnpm-v9
0.0.1-security
npm
@gitlab-test/pnpm-v9
0.3.0
npm
@gitlab-test/pnpm-v9
0.4.0
npm
@gitlab-test/yarn-v4
0.0.1-security
npm
@gitlab-test/yarn-v4
0.3.0
npm
@i22-td-smarthome/component-library
0.0.1-security
npm
@i22-td-smarthome/component-library
0.7.0
npm
@i22/rocket
0.7.11
npm
@i22/scroll-animation
0.1.10
npm
@item-shop-data/client
0.0.1-security
npm
@item-shop-data/client
56.0.0
npm
@item-shop-data/client
56.0.10
1-50 of 427
sonatype-2025-004344 | Components Impacted | Sonatype Guide | Sonatype Guide
