Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2025-007588
sonatype-2025-007588
Malicious Packages - Tue Dec 16 2025 [Credential Info Stealer]
Published Dec 17, 2025
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192603.json
CVSS Score
High
7.1
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
dux-portal-privacy
4.9.121
npm
eb-csr
9.1.143
npm
electra-web-player-event
3.1.143
npm
float-kit
20.1.1
npm
meta-code-verify
8.2.31
npm
okta-signin-widget
8.2.31
npm
plugin-senna
9.3.134
npm
react-server-dom-unbundled
9.2.31
npm
shopify-perf-kit
8.2.31
npm
shopify-perf-kit
8.2.32
npm
stitch-ui-toolbox
20.1.1
npm
vitor-js
0.0.1-security
npm
vitor-js
9.3.129
npm
vitor-js
9.3.130
npm
vitor-js
9.3.131
npm
vitor-js
9.3.132
npm
vitor-js
9.3.133
npm
x-clients-features
8.2.31
1-18 of 18
sonatype-2025-007588 | Components Impacted | Sonatype Guide | Sonatype Guide
