VDB

MAL-2026-3147

MAL-2026-3147 PUBLISHED CVSS 9.300000190734863 CRITICAL

--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (fbfed1f09c009e285a20b7f2914257795846bf558a735467cb742ab4bc53165b) The package coinmate-typescript-client was found to contain malicious code. ## Source: ossf-package-analysis (6948d3a04db0cd4d3fccc7478ed34991379556660af69fcbabaf3a4c640690e0) The OpenSSF Package Analysis project identified 'coinmate-typescript-client' @ 99.0.0 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
npmcoinmate-typescript-client99.0.0, 99.0.0

Timeline

  • Apr 29, 2026 CVE Published
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›