Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2025-007707
sonatype-2025-007707
Malicious Packages - Tue Dec 30 2025 [Info Stealer]
Published Jan 2, 2026
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192967.json
CVSS Score
Medium
5.3
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
dux-portal-privacy
4.9.121
npm
eb-csr
0.0.1-security
npm
eb-csr
1.0.0
npm
eb-csr
9.1.143
npm
electra-web-player-event
3.1.143
npm
float-kit
20.1.1
npm
meta-code-verify
8.2.31
npm
okta-signin-widget
8.2.31
npm
react-server-dom-unbundled
9.2.31
npm
shopify-perf-kit
8.2.31
npm
shopify-perf-kit
8.2.32
npm
stitch-ui-toolbox
20.1.1
npm
vitor-js
9.3.133
npm
x-clients-features
8.2.31
1-14 of 14
sonatype-2025-007707 | Components Impacted | Sonatype Guide | Sonatype Guide
