{"id":"MAL-2025-29127","summary":"Malicious code in phi3-webgpu (npm)","details":"The package phi3-webgpu was found to contain malicious code.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2025-09-26T11:06:45Z","published":"2025-08-14T18:52:04Z","database_specific":{"malicious-packages-origins":[{"source":"reversing-labs","modified_time":"2025-08-28T07:36:04Z","sha256":"f5103d24c70551561daf6962505501ec6114100c21e309434e7cd034dc87038d","id":"RLMA-2025-04630","versions":["1.3.5"],"import_time":"2025-08-29T06:42:30.696276202Z"},{"source":"reversing-labs","modified_time":"2025-09-26T09:39:35Z","sha256":"92a0afdd79dd9b6cdcd264eff9ebb11302c62baf44033c96479ddbb4de929d18","id":"RLUA-2025-05118","versions":["1.1.1"],"import_time":"2025-09-26T11:06:12.939458952Z"}]},"affected":[{"package":{"name":"phi3-webgpu","ecosystem":"npm","purl":"pkg:npm/phi3-webgpu"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["1.3.5","1.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/phi3-webgpu/MAL-2025-29127.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}