Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2025-004505
sonatype-2025-004505
Malicious Packages - Mon Nov 10 2025 [Info Stealer]
Published Nov 10, 2025
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49458.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49460.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-49731.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-53642.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-55024.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-55033.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-55037.json
CVSS Score
Medium
5.3
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
@mycorp/pkg-a
0.0.1-security
npm
@mycorp/pkg-a
1.0.0
npm
@mycorp/pkg-a
3.0.10
npm
@rce-web/ui-upgrade-dialog
1.5.0
npm
bf-purchases-frontend-web
1.0.0
npm
bf-purchases-frontend-web
2.0.0
npm
bf-purchases-frontend-web
2.0.1
npm
bf-purchases-frontend-web
99.0.0
npm
didi-store
0.0.4
npm
didi-store
0.0.5
npm
elf-stats-cranberry-workbench-671
2.0.0
npm
elf-stats-whimsical-train-322
3.0.0
npm
hackerone-internal-test
1.0.0
npm
icu-messageformat
1.0.0
npm
icu-messageformat
1.0.1
npm
icu-messageformat
2.0.0
npm
icu-messageformat
2.0.1
npm
mochan-test
0.0.4
npm
polycard
100.0.0
npm
polycard
99.0.0
npm
polycard
99.0.1
npm
post-purchase-frontend
1.0.0
npm
post-purchase-frontend
1.0.1
npm
post-purchase-frontend
2.0.0
1-24 of 24
sonatype-2025-004505 | Components Impacted | Sonatype Guide | Sonatype Guide
