Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
sonatype-2026-000637
sonatype-2026-000637
Malicious Packages - Mon Mar 02 2026 [Info Stealer]
Published Mar 2, 2026
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/PyPI/MAL-2026-1063.json
https://osv-vulnerabilities.storage.googleapis.com/PyPI/MAL-2026-1064.json
https://osv-vulnerabilities.storage.googleapis.com/PyPI/MAL-2026-1082.json
https://osv-vulnerabilities.storage.googleapis.com/PyPI/MAL-2026-1086.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-1087.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2026-1093.json
CVSS Score
Medium
5.3
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
azurestack-common
1.0.2
npm
bps-design-system
25.11.88
pypi
cdf-clients
0.0.1
pypi
cicd-ppe-redteam-test01
1.0.0
pypi
cicd-ppe-redteam-test02
1.0.0
pypi
cicd-ppe-redteam-test02
1.0.2
pypi
cicd-ppe-redteam-test02
1.0.3
npm
codeanalysis-common
1.0.2
npm
codecoverage-tools
1.0.2
npm
gaia-marionette
1.0.1
npm
jsx-import-test
1.0.1
npm
mangeshhackerhai
1.0.1
npm
native_dep
1.0.1
npm
native_dep
1.0.2
npm
native_dep
1.0.3
npm
naughty-package
1.0.1
npm
naughty-package
1.0.2
npm
naughty-package
1.0.3
npm
naughty-package
1.0.4
npm
naughty-package
1.0.5
npm
naughty-package
1.0.6
npm
naughty-package
1.0.7
npm
naughty-package
1.0.8
npm
nuget-task-common
1.0.4
npm
piyush_test_vadapav
1.0.1
npm
securefiles-common
1.0.3
npm
ssh-common
1.0.2
pypi
tchap-bot
199.0.99
npm
woltpickerapp
40.6.2
1-29 of 29
sonatype-2026-000637 | Components Impacted | Sonatype Guide | Sonatype Guide
