{"id":"MAL-2026-1780","summary":"Malicious code in libxmljs2qaz (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (4f64f090b82381f264f574df9a6c965210764f25bcc6e57a1a0811cbca70fc20)\nThe package libxmljs2qaz was found to contain malicious code.\n","modified":"2026-03-23T05:43:50.704082Z","published":"2026-03-18T12:57:40Z","database_specific":{"malicious-packages-origins":[{"versions":["0.30.2"],"modified_time":"2026-03-18T12:57:40Z","id":"RLMA-2026-01413","source":"reversing-labs","sha256":"534a955de690d55e564ad3c74e1a773f14e637388646c1fa1246b53a75356403","import_time":"2026-03-19T12:18:59.759632208Z"},{"versions":["0.30.2"],"modified_time":"2026-03-23T05:11:41Z","source":"amazon-inspector","sha256":"4f64f090b82381f264f574df9a6c965210764f25bcc6e57a1a0811cbca70fc20","import_time":"2026-03-23T05:14:29.899030231Z"}]},"affected":[{"package":{"name":"libxmljs2qaz","ecosystem":"npm","purl":"pkg:npm/libxmljs2qaz"},"versions":["0.30.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/libxmljs2qaz/MAL-2026-1780.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}