{"id":"MAL-2025-31297","summary":"Malicious code in quick-start_onnxruntime-node (npm)","details":"The package quick-start_onnxruntime-node was found to contain malicious code.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2025-09-26T11:06:45Z","published":"2025-08-14T18:52:04Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-08-28T07:37:04Z","versions":["1.3.5"],"import_time":"2025-08-29T06:42:32.424418808Z","source":"reversing-labs","sha256":"de6bded1c09c9b1bc5cc038ea020476b3b964bdfab6517db4be9cc6bfdd41055","id":"RLMA-2025-04647"},{"modified_time":"2025-09-26T09:40:36Z","versions":["1.1.1"],"import_time":"2025-09-26T11:06:13.061269643Z","source":"reversing-labs","sha256":"d275378d8c1357b30587d114b836cc08e988a7e9d0537c3927dbdab1f5a67802","id":"RLUA-2025-05132"}]},"affected":[{"package":{"name":"quick-start_onnxruntime-node","ecosystem":"npm","purl":"pkg:npm/quick-start_onnxruntime-node"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["1.3.5","1.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/quick-start_onnxruntime-node/MAL-2025-31297.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}