Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2025-007352
sonatype-2025-007352
Malicious Packages - Mon Dec 1 2025 [Dropper] [Lazarus]
Published Dec 1, 2025
https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html?_m=3n.009a.3838.ui0ao46fn7.2vow&m=1
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192310.json
CVSS Score
High
8.7
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
node-tailwind
0.0.1-security
npm
node-tailwind
0.0.1
npm
node-tailwind
0.1.1
npm
node-tailwind
1.2.1
npm
node-tailwind
2.0.1
npm
node-tailwind
2.1.3
npm
node-tailwind
3.2.0
npm
react-modal-select
1.0.0
npm
tailwind-magic
1.0.1
npm
tailwind-magic
1.1.1
npm
tailwind-magic
1.2.1
npm
tailwind-magic
1.3.1
npm
tailwind-magic
2.0.3
npm
tailwind-magic
2.1.1
npm
tailwind-magic
2.2.1
npm
tailwind-magic
2.3.1
npm
tailwind-node
3.5.1
1-17 of 17
sonatype-2025-007352 | Components Impacted | Sonatype Guide | Sonatype Guide
