diff --git a/osv/malicious/npm/hardhat-dotenv/MAL-0000-hardhat-dotenv.json b/osv/malicious/npm/hardhat-dotenv/MAL-0000-hardhat-dotenv.json
new file mode 100644
index 0000000000..f77b664935
--- /dev/null
+++ b/osv/malicious/npm/hardhat-dotenv/MAL-0000-hardhat-dotenv.json
@@ -0,0 +1,29 @@
+{
+ "modified": "2025-01-09T17:22:47.785671Z",
+ "published": "2025-01-09T17:22:47.785671Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in hardhat-dotenv (npm)",
+ "details": "The package contains code to exfiltrate environment variables to an attacker-controlled server.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "hardhat-dotenv"
+ },
+ "versions": [
+ "16.4.8",
+ "16.4.7"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "Stacklok Insight: insight.stacklok.com",
+ "type": "FINDER",
+ "contact": [
+ "https://discord.com/invite/RkzVuTp3WK"
+ ]
+ }
+ ]
+}
\ No newline at end of file
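Review bot: The `details` string says environment variables are exfiltrated but gives a responder nothing to act on: it names neither the destination host nor whether the code runs at install time or on import, and the record carries no `references` array. Adding an entry such as `"references": [{ "type": "REPORT", "url": "<ANALYSIS_URL>" }]` and naming the endpoint in `details` would let consumers search egress logs and confirm exposure. It would also help to state in `details` that any secret present in the environment where 16.4.7 or 16.4.8 was installed should be treated as disclosed and rotated. The empty `"id": ""` and the `MAL-0000` file name look like placeholders, presumably filled in at ingestion; confirm that happens before publication, since an entry without an id cannot be matched or cross-referenced.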