VDB
MAL-2026-3147
MAL-2026-3147
PUBLISHED
CVSS 9.300000190734863 CRITICAL
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (fbfed1f09c009e285a20b7f2914257795846bf558a735467cb742ab4bc53165b) The package coinmate-typescript-client was found to contain malicious code. ## Source: ossf-package-analysis (6948d3a04db0cd4d3fccc7478ed34991379556660af69fcbabaf3a4c640690e0) The OpenSSF Package Analysis project identified 'coinmate-typescript-client' @ 99.0.0 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| npm | coinmate-typescript-client | 99.0.0, 99.0.0 |
Timeline
- Apr 29, 2026 CVE Published
- Apr 30, 2026 CVE Updated