Lucene search
K

72 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in ipa-user-collector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2df148f70b40274f48d5bc4d8ea5a97bb434a743cf7a5c1b271a5a5cd7fa3907 During installation the obfuscated code downloads a malicious executable from a remote location. Code is designed to survive different blocks: first, there is ...

6.2AI score
Exploits0References2
OSV
OSV
added 5 days ago5 views

MAL-2026-6749 Malicious code in ipa-user-collector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2df148f70b40274f48d5bc4d8ea5a97bb434a743cf7a5c1b271a5a5cd7fa3907 During installation the obfuscated code downloads a malicious executable from a remote location. Code is designed to survive different blocks: first, there is ...

6.2AI score
Exploits0References2
OSV
OSV
added 5 days ago8 views

MAL-2026-6748 Malicious code in haproxy-config-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f70d07844bca4fadfcedb195f5768c8a95318af4d62a4bcec94556b99b72c4ad During installation the obfuscated code downloads a malicious executable from a remote location. Code is designed to survive different blocks: first, there is ...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in haproxy-config-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f70d07844bca4fadfcedb195f5768c8a95318af4d62a4bcec94556b99b72c4ad During installation the obfuscated code downloads a malicious executable from a remote location. Code is designed to survive different blocks: first, there is ...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:34 p.m.13 views

Malicious code in mcp-server-figma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474223e0d5456564c1ae112031e3b8f276850a79f59cc93ed3a04805de291f20 Package squats the unscoped name mcp-server-figma, which AI coding agents and developers commonly invoke via npx mcp-server-figma expecting the...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:33 p.m.16 views

Malicious code in mcp-server-supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8 Package squats the unscoped name mcp-server-supabase to intercept npx mcp-server-supabase invocations intended for the official scoped Supabase Model...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:33 p.m.18 views

MAL-2026-5485 Malicious code in mcp-server-supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8 Package squats the unscoped name mcp-server-supabase to intercept npx mcp-server-supabase invocations intended for the official scoped Supabase Model...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/05/22 7:13 a.m.14 views

MAL-2026-4671 Malicious code in skipshot-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fac3c49a9fc03e78a2f398a75c919221873a1ed0acd2303b6642300b04af1735 On install, dist/cli/install.js performs a POST to the hardcoded URL https://edge-gateway.botmarket.workers.dev carrying values read from process.env...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/21 6:41 p.m.8 views

MAL-2026-4402 Malicious code in @kyungseopk1m/holidays-kr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8538f74ec98ab5287a941ebac99e8624ba40d809edbc5b033da1150254d8215 On import/use, dist/cjs/index.js and dist/mjs/index.js call fetch against the hardcoded endpoint https://kdata.kxxseop.workers.dev with data sourced...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 6:41 p.m.12 views

Malicious code in @kyungseopk1m/holidays-kr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8538f74ec98ab5287a941ebac99e8624ba40d809edbc5b033da1150254d8215 On import/use, dist/cjs/index.js and dist/mjs/index.js call fetch against the hardcoded endpoint https://kdata.kxxseop.workers.dev with data sourced...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.34 views

Malicious code in polymarket-bot (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.14 views

Malicious code in polymarket-trading-cli (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.12 views

Malicious code in polymarket-auto-trade (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/21 12:0 a.m.11 views

MAL-2026-4215 Malicious code in polymarket-trade (npm)

A coordinated supply-chain attack comprising 9 npm packages published by maintainer polymarketdev GitHub actor texsellix, repo texsellix/polymarket-trading-bot within a 2-minute window on 2026-05-20T23:30Z–23:32Z. All packages masquerade as legitimate Polymarket CLOB trading tools while...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 6:33 p.m.12 views

Malicious code in cb-wallet-http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d704c0a6a48da0e2fef8eddcd1f98e7d380c3e19f22753f3df51d9893f60ce Package name mimics Coinbase's internal cb-wallet- namespace to capture dependency-confusion resolutions. On npm install postinstall.js and on...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:42 a.m.12 views

Malicious code in 0ctf-chalweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d7a129ab6079febb92ceac3587af97653477bce8a65b8e85bfa5bcae0293b0d The package's entire content xss.js is a 2-line cookie-stealing payload that creates an Image element pointing to...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.15 views

Malicious code in camelotlabs-core (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.21 views

Malicious code in camelotlabs-sdk (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/07 12:0 a.m.6 views

MAL-2026-3642 Malicious code in camelotlabs-sdk (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.18 views

Malicious code in camelotlabs-utils (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
Rows per page
Query Builder