Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2025-007628
sonatype-2025-007628
Malicious Packages - Mon Dec 22 2025 [RCE]
Published Dec 22, 2025
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-134.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-93.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-94.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-95.json
CVSS Score
High
8.7
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
dux-portal-privacy
4.9.121
npm
eb-csr
9.1.143
npm
electra-web-player-event
3.1.143
npm
float-kit
20.1.1
npm
meta-code-verify
0.0.1-security
npm
meta-code-verify
1.0.0
npm
meta-code-verify
3.0.0
npm
meta-code-verify
8.2.31
npm
okta-signin-widget
0.0.1-security
npm
okta-signin-widget
1.0.0
npm
okta-signin-widget
8.2.31
npm
react-server-dom-unbundled
9.2.31
npm
shopify-perf-kit
0.0.1-security
npm
shopify-perf-kit
1.0.0
npm
shopify-perf-kit
8.2.31
npm
shopify-perf-kit
8.2.32
npm
stitch-ui-toolbox
20.1.1
npm
vitor-js
9.3.133
npm
x-clients-features
0.0.1-security
npm
x-clients-features
1.0.0
npm
x-clients-features
8.2.31
1-21 of 21
sonatype-2025-007628 | Components Impacted | Sonatype Guide | Sonatype Guide
