Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-007381

sonatype-2025-007381

Malicious Packages - Tue Dec 02 2025 [Info Stealer]

Published Dec 2, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-191545.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192033.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192562.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192563.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192576.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192577.json

CVSS ScoreMedium

5.3

Ecosystem	Package	Version


npm	@revvity-signals/chemdraw-js	0.0.1-security
npm	@revvity-signals/chemdraw-js	1.0.0
npm	@revvity-signals/chemdraw-js	1.0.3
npm	@wb-drive/icons	0.0.1-security
npm	@wb-drive/icons	2.4.9
npm	camscanner-seo	999.0.0
npm	cms_comp	999.0.0
npm	cms_comp	999.0.1
npm	cms_comp	999.0.9
npm	cms_comp_popup	999.0.0
npm	cms_comp_static	999.0.0
npm	cos-js-sdk-v6	999.0.0
npm	ddxq_cms_tools	999.0.0
npm	elf-stats-flickering-candy-280	1.2.0
npm	eslint-config-zoo	999.0.0
npm	fe-cdnpath-transform	999.0.0
npm	feng-npm-test666	1.0.1
npm	jz-ui-user	999.0.0
npm	jz-user-js-bridge	999.0.0
npm	pp-js-lib	999.0.0
npm	sd-pay	0.0.1-security
npm	sd-pay	999.0.0
npm	sd-pay-ts	0.0.1-security
npm	sd-pay-ts	999.0.0
npm	sd-security	0.0.1-security
npm	sd-security	0.1.7
npm	sd-security	999.0.0
npm	sd-skbms	0.0.1-security
npm	sd-skbms	999.0.0
npm	sdbao-content-report	999.0.0
npm	sdbao-content-sems	999.0.0
npm	uba-plugins	999.0.0
npm	wfui-test-e2e	0.0.1-security
npm	wfui-test-e2e	1.0.0
npm	wfui-test-e2e	99.99.1

sonatype-2025-007381 | Components Impacted | Sonatype Guide | Sonatype Guide