Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-007407

sonatype-2025-007407

Malicious Packages - Thu Nov 27 2025 [Info Stealer]

Published Dec 3, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-191994.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192025.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192791.json

CVSS ScoreMedium

5.3

Ecosystem	Package	Version


npm	elf-stats-bright-star-712	1.0.0
npm	elf-stats-bright-star-712	1.0.1
npm	elf-stats-bright-star-712	1.0.2
npm	elf-stats-evergreen-sled-681	1.0.0
npm	elf-stats-evergreen-sled-681	1.0.1
npm	elf-stats-evergreen-sled-681	1.0.2
npm	elf-stats-evergreen-sled-681	1.0.3
npm	elf-stats-evergreen-sled-681	1.0.4
npm	elf-stats-evergreen-sled-681	1.0.5
npm	elf-stats-velvet-bow-244	99.9.11

sonatype-2025-007407 | Components Impacted | Sonatype Guide | Sonatype Guide