Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2025-007716
sonatype-2025-007716
Malicious Packages - Wed Dec 31 2025 [Info Stealer]
Published Jan 3, 2026
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-156.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-158.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-436.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-437.json
CVSS Score
Medium
5.3
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
babel-preset-ibm-cloud-cognitive
12.0.2
npm
common-cli-utils
0.0.0
npm
common-cli-utils
0.0.1-security
npm
eslint-config-sdk
1.1.3
npm
html-streaming-processor
3.0.0
npm
identity-emitter
0.1.8
npm
jest-config-ibm-cloud-cognitive
12.0.2
npm
jquery-ajaxchimp
0.0.1-security
npm
jquery-ajaxchimp
1.0.0
npm
lumo-api-client
0.0.1-security
npm
lumo-api-client
3.0.0
npm
ok-jest-config
5.0.0
npm
ok-jest-config
5.1.0
npm
rules-deployer
0.0.0
npm
rules-deployer
0.0.1-security
npm
rules-playground
0.0.1-security
npm
rules-playground
0.0.3
npm
sparkling-cli
0.0.1-security
npm
sparkling-cli
1.0.0-rc.1
npm
spire.officejs-common
1.0.0
npm
spire.officejs-common
99.0.1
npm
spire.officejs-document
1.0.0
npm
spire.officejs-document
99.0.1
npm
spire.officejs-editors
1.0.0
npm
spire.officejs-editors
99.0.1
npm
spire.officejs-externs
99.0.1
npm
spire.officejs-fonts
99.0.1
npm
timeout-ts
0.0.99
1-28 of 28
sonatype-2025-007716 | Components Impacted | Sonatype Guide | Sonatype Guide
