@vtim/xss-poc

MAL-2026-1440

npmmalware3/16/2026
Description

Malicious code in @vtim/xss-poc (npm)

Indicators of Compromise
SHA256 Hashes (2)
20e54e730a6708f44f0828a03bf7ac5c9fb2c88074659d45570d90af289eca84
947e0af0661087703ab13fc4220ceff05dafffb94addd8243f90a86929beaf3c
References (1)
https://github.com/advisories/GHSA-w9f6-gprr-mq9qOSV
Details
Ecosystemnpm
Attack Typemalware
Published3/16/2026
Affected Versions
0
Aliases
GHSA-w9f6-gprr-mq9q
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001