Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2026-000404
sonatype-2026-000404
Malicious Packages - Wed Feb 11 2026 [Dropper]
Published Feb 11, 2026
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/PyPI/MAL-2026-878.json
CVSS Score
High
8.7
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
chai-await
2.4.5
npm
chai-await-cli
2.3.5
npm
chai-cli
2.4.5
npm
chai-cli-async
3.3.5
npm
chai-cli-await
2.4.5
npm
chai-cli-sinon
2.4.5
npm
chai-promised-plugin
2.3.5
npm
chain-cli-promised
2.3.5
npm
chain-promised
2.3.5
npm
chain-promised-async
3.5.5
npm
chain-promised-await
3.5.5
npm
chain-promised-cli
3.3.5
npm
chain-test-await
2.5.5
npm
dotenv-cli-node
2.4.5
npm
dotenv-int
3.5.5
npm
dotenv-node-cli
3.3.5
npm
dotenv-node-promised
2.3.5
npm
dotenv-plugin
2.3.5
npm
dotenv-promised
2.3.5
npm
dotenv-xtend
2.5.5
npm
dotenvx-int
3.5.5
npm
dotenvx-node-cli
2.4.5
npm
env-extend
2.5.5
pypi
magichat
0.1.0
pypi
magichat
1.0.1
pypi
magichat
1.0.2
pypi
magichat
1.0.3
pypi
magichat
1.0.4
pypi
magichat
1.0.5
pypi
magichat
1.0.6
pypi
magichat
1.0.7
pypi
magichat
1.0.8
pypi
magichat
1.0.9
pypi
magichat
1.1.0
pypi
magichat
1.1.1
pypi
magichat
1.1.2
pypi
magichat
1.1.8
pypi
magichat
1.2.2
pypi
magichat
1.2.3
pypi
magichat
1.2.5
npm
node-cli-dotenv
2.4.5
npm
node-dotenv-cli
2.4.5
npm
web3-sinon
3.3.5
1-43 of 43
sonatype-2026-000404 | Components Impacted | Sonatype Guide | Sonatype Guide
