Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-004353

sonatype-2025-004353

Malicious Packages - Wed Oct 29 2025 [Info Stealer]

Published Oct 30, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49288.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49294.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49297.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49299.json

CVSS ScoreMedium

5.3

Ecosystem	Package	Version


npm	@dvargas135/gunpowder-ghost	3.45.12
npm	app_storefront_core	10.1.0
npm	app_storefront_core	99.0.0
npm	create-response	10.1.0
npm	create-response	99.0.0
npm	da-lit	10.1.0
npm	da-lit	99.0.0
npm	example-icrc35-shared-library	10.1.0
npm	example-icrc35-shared-library	99.0.0
npm	express-document-sdk	10.1.0
npm	express-document-sdk	99.0.0
npm	gunpowder-ghost-curse	1.0.0
npm	gunpowder-ghost-curse	3.45.12
npm	int_affirm_controllers	10.1.0
npm	int_affirm_controllers	99.0.0
npm	random-packaging	1.8.0

sonatype-2025-004353 | Components Impacted | Sonatype Guide | Sonatype Guide