{"id":"MAL-2025-33045","summary":"Malicious code in sha256-validation (npm)","details":"The package sha256-validation was found to contain malicious code.\n\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2026-03-19T12:48:07.819708Z","published":"2025-08-14T18:52:04Z","database_specific":{"malicious-packages-origins":[{"versions":["1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.2","1.1.3","1.1.6","1.1.8","1.1.9","1.2.0","1.2.1","1.2.2","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.3.0","1.3.1","1.3.2"],"modified_time":"2025-08-28T07:40:01Z","import_time":"2025-08-29T06:42:35.830280321Z","id":"RLMA-2025-04679","sha256":"9517825d6b96484bf22ed4960d5c022bfe7068fea75cf3c4f3198b69554be838","source":"reversing-labs"},{"versions":["1.0.5","1.1.7","1.0.0","1.0.2","1.0.3","1.1.4","1.2.3","1.2.4","1.0.1"],"modified_time":"2025-09-26T09:43:34Z","import_time":"2025-09-26T11:06:13.303799007Z","id":"RLUA-2025-05156","sha256":"f2580675d809684737d4ac9e8dc5a843163c20c79ac7c0737d4efd21a66dc16c","source":"reversing-labs"},{"sha256":"bb5ee9d6d98d98b2bdb246de19e07ecb148ef274cd996fbb49e9244db97f1148","modified_time":"2026-03-18T13:09:10Z","import_time":"2026-03-19T12:20:59.78428845Z","id":"RLUA-2026-01562","source":"reversing-labs"}]},"references":[{"type":"WEB","url":"https://www.getsafety.com/blog-posts/malicious-hash-validation-packages"}],"affected":[{"package":{"name":"sha256-validation","ecosystem":"npm","purl":"pkg:npm/sha256-validation"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.2","1.1.3","1.1.6","1.1.8","1.1.9","1.2.0","1.2.1","1.2.2","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.3.0","1.3.1","1.3.2","1.0.5","1.1.7","1.0.0","1.0.2","1.0.3","1.1.4","1.2.3","1.2.4","1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/sha256-validation/MAL-2025-33045.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}