Supply Chain Incidents

Malicious packages, backdoors, typosquats, and dependency confusion attacks

Total Incidents

npm PyPI RubyGems Go crates.io NuGet Packagist Clear

github.com/BufferZoneCorp/config-loader

MAL-2026-3620

Malicious code in github.com/BufferZoneCorp/config-loader (Go)

Malware

May 2026

github.com/BufferZoneCorp/grpc-client

MAL-2026-3627

Malicious code in github.com/BufferZoneCorp/grpc-client (Go)

Malware

May 2026

github.com/BufferZoneCorp/log-core

MAL-2026-3628

Malicious code in github.com/BufferZoneCorp/log-core (Go)

Malware

May 2026

github.com/BufferZoneCorp/go-stdlib-ext

MAL-2026-3624

Malicious code in github.com/BufferZoneCorp/go-stdlib-ext (Go)

Malware

May 2026

github.com/BufferZoneCorp/go-weather-sdk

MAL-2026-3626

Malicious code in github.com/BufferZoneCorp/go-weather-sdk (Go)

Malware

May 2026

github.com/BufferZoneCorp/go-envconfig

MAL-2026-3621

Malicious code in github.com/BufferZoneCorp/go-envconfig (Go)

Malware

May 2026

github.com/BufferZoneCorp/go-metrics-sdk

MAL-2026-3622

Malicious code in github.com/BufferZoneCorp/go-metrics-sdk (Go)

Malware

May 2026

github.com/BufferZoneCorp/net-helper

MAL-2026-3629

Malicious code in github.com/BufferZoneCorp/net-helper (Go)

Malware

May 2026

github.com/BufferZoneCorp/go-retryablehttp

MAL-2026-3623

Malicious code in github.com/BufferZoneCorp/go-retryablehttp (Go)

Malware

May 2026

github.com/BufferZoneCorp/go-stdlog

MAL-2026-3625

Malicious code in github.com/BufferZoneCorp/go-stdlog (Go)

Malware

May 2026

github.com/zarf-dev/zarf

GHSA-pj97-4p9w-gx3q

Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

Malware

1 CVE

Apr 2026

github.com/esm-dev/esm.sh

GHSA-2657-3c98-63jq

esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages

Malware

1 CVE

Jan 2026

github.com/ornatedoctrin/layout

MAL-2025-2546

Malicious code in github.com/ornatedoctrin/layout (Go)

Typosquat

Mar 2025

github.com/shallowmulti/hypert

MAL-2025-2548

Malicious code in github.com/shallowmulti/hypert (Go)

Typosquat

Mar 2025

github.com/vainreboot/layout

MAL-2025-2551

Malicious code in github.com/vainreboot/layout (Go)

Typosquat

Mar 2025

github.com/shadowybulk/hypert

MAL-2025-2547

Malicious code in github.com/shadowybulk/hypert (Go)

Typosquat

Mar 2025

github.com/thankfulmai/hypert

MAL-2025-2549

Malicious code in github.com/thankfulmai/hypert (Go)

Typosquat

Mar 2025

github.com/utilizedsun/layout

MAL-2025-2550

Malicious code in github.com/utilizedsun/layout (Go)

Typosquat

Mar 2025

github.com/belatedplanet/hypert

MAL-2025-2544

Malicious code in github.com/belatedplanet/hypert (Go)

Typosquat

Mar 2025

github.com/boltdb-go/bolt

MAL-2025-2545

Malicious code in github.com/boltdb-go/bolt (Go)

Typosquat

Mar 2025

Showing 1 - 20 of 20

Supply Chain Incidents

github.com/BufferZoneCorp/config-loader

github.com/BufferZoneCorp/grpc-client

github.com/BufferZoneCorp/log-core

github.com/BufferZoneCorp/go-stdlib-ext

github.com/BufferZoneCorp/go-weather-sdk

github.com/BufferZoneCorp/go-envconfig

github.com/BufferZoneCorp/go-metrics-sdk

github.com/BufferZoneCorp/net-helper

github.com/BufferZoneCorp/go-retryablehttp

github.com/BufferZoneCorp/go-stdlog

github.com/zarf-dev/zarf

github.com/esm-dev/esm.sh

github.com/ornatedoctrin/layout

github.com/shallowmulti/hypert

github.com/vainreboot/layout

github.com/shadowybulk/hypert

github.com/thankfulmai/hypert

github.com/utilizedsun/layout

github.com/belatedplanet/hypert

github.com/boltdb-go/bolt

Ready for Agentic Automated Testing?