npm package
prebid.js
pkg:npm/prebid.js
Malware
3 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- GHSA-jwq7-6j4r-2f92Prebid.js NPM package briefly compromisedSep 11, 2025
- MAL-2025-46990Malicious code in prebid.js (npm)Sep 9, 2025
- GHSA-4hjx-fhh8-vr6jDuplicate Advisory: Malware in prebid.jsSep 9, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59038 | Hig | — | >= 10.9.2, < 10.10.0 | 10.10.0 | Sep 9, 2025 | Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Ve |
- affected >= 10.9.2, < 10.10.0fixed 10.10.0
Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Ve