Ecosystem	Package	Version

Vulnerabilities

sonatype-2026-000021

sonatype-2026-000021

Malicious Packages - Tue Jan 06 2026 [Info Stealer/Host Data]

Published Jan 6, 2026

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-34.json

CVSS ScoreMedium

5.3

Ecosystem	Package	Version


npm	@xiaochuan-dev/music-source	0.0.1
npm	@xiaochuan-dev/music-source	0.0.2
npm	@xiaochuan-dev/music-source	0.0.3
npm	@xiaochuan-dev/music-source	0.0.4
npm	@xiaochuan-dev/music-source	0.0.5
npm	@xiaochuan-dev/music-source	0.0.6
npm	atm_bmw	0.0.1-security
npm	atm_bmw	2.0.1
pypi	gatr	0.0.0
pypi	gatr	0.0.1

sonatype-2026-000021 | Components Impacted | Sonatype Guide | Sonatype Guide