Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2026-000186
sonatype-2026-000186
Malicious Packages - Tue Jan 20 2026 [Credential Info Stealer]
Published Jan 20, 2026
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-370.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-377.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-482.json
CVSS Score
High
7.1
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
alfasec
1.2.0
npm
alfasec
1.2.1
npm
alfasec
2.0.0
npm
alfasec
3.0.0
npm
alfasec
4.0.0
npm
alfasec
5.0.0
npm
alfasec
6.0.0
npm
alfasec
7.0.0
npm
potdf
0.0.1-security
npm
potdf
10.0.0
npm
potdf
10.0.1
npm
potdf
10.0.2
npm
potdf
10.0.3
npm
potdf
11.0.0
npm
potdf
8.0.0
npm
potdf
9.0.0
npm
public-site-boostmoney-ui
99.9.10
npm
public-site-boostmoney-ui
99.9.9
npm
sezzle
0.0.1-security
npm
sezzle
10.0.0
1-20 of 20
sonatype-2026-000186 | Components Impacted | Sonatype Guide | Sonatype Guide
