Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-007470

sonatype-2025-007470

Malicious Packages - Sat Dec 06 2025 [RCE]

Published Dec 8, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192771.json

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	elf-stats-glittering-cookie-844	1.0.0
npm	elf-stats-lanternlit-stockpile-692	0.0.1-security
npm	elf-stats-lanternlit-stockpile-692	1.0.1

sonatype-2025-007470 | Components Impacted | Sonatype Guide | Sonatype Guide