Lucene search
+L

309 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in testdonotredeemit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in backup5-updated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fbc0dc5fea4212458853e895b9b9df474401727a4768f47e3016a8c871fd5c7 The package tarball contains multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote,...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:34 p.m.14 views

Malicious code in load-nuxt-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0f879297070c07197ace88cfb411c61d497ad150e39c2c5c91349737f5d83a The package name resembles the legitimate Nuxt ecosystem tooling e.g., @nuxt/load-nuxt, and the version 99.0.3 is a common dependency-confusion /...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:59 p.m.5 views

MAL-2026-6900 Malicious code in txs-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74154a8e4e769872929446eb17b4dc59a1b491508c7bd05e55d1cdb232ecf2aa The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:11 a.m.10 views

Malicious code in pino-zod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92ceffaf94fc190f70c18587857f2f0a674a9699512eec79f5cf738eefaa54ca Package advertises itself as a pino+zod logging helper but ships content that does not match that purpose: a dist/discordRelayUpload.js module...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/06/25 2:16 a.m.2 views

MAL-2026-6411 Malicious code in data-fetching-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 913d882d66d587abb1d6fe92b8b6d7353c1b4ae79fb175cc3f10b606dd5f8457 Package self-identifies in its package.json description as a bug-bounty dependency-confusion proof-of-concept against an internal package name of the...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/06/17 11:11 a.m.8 views

MAL-2026-6052 Malicious code in @mastra/github-signals (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e263abbd9ed9975f3f8aaecfd1a780616bc3aef00238ed9ba9075b5bf4e38f37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.18 views

Malicious code in @mastra/sentry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08da35ae5d7bc21a7de70c2ed41f52a7a399a58fc26577835f8577fd0053136d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.8 views

MAL-2026-5947 Malicious code in @mastra/evals (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9bc49e06e746f572e3d99fcd89abf22d51e094de6629cb9cce1988e2d3e08c4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/11 9:35 a.m.14 views

MAL-2026-5625 Malicious code in clsx-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e1efb9d7593baede89024227d99cc6ca9fc0c86e1f0faf8dd78560174cf1b39 Package advertises a trivial Tailwind class-name merger a 5-line cn helper but its main entry dist/index.js unconditionally requires...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/09 2:17 p.m.15 views

MAL-2026-5369 Malicious code in @doaction/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a625267416db212dbcffcba51a6ac48bd779ccd3760b7ef8f59e6b4905df44e5 package.json declares "preinstall": "node scripts/postinstall.js", which requires '@doaction/shared/bin/postinstall.js'. The package's stated purpose...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:2 p.m.19 views

Malicious code in gcp-api-enabler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a14212abcc7c3f9f662ffcc18752c5fa10f94d07ef3b7c820637eea7d02c3ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 8:20 a.m.13 views

Malicious code in explorhub-claude-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5888ca1c6b220e4722ac7efe59117b3166ac06da038871ddd7bf9e1538e54bbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 4:44 p.m.10 views

MAL-2026-4191 Malicious code in iv-bloomfilter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7f2a3b58036e1174efe383ee906172b07f9ddc3410d913e51b4e614f9ff09ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/15 11:24 a.m.12 views

Malicious code in dowload_ebok_los_enemigos_del_comercio_by_antonio_escohotado_6t2l4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ecb449c7c0f418834fbc3e22c6d061ef50d4d6bdbb1e40d19fb85023be2be5f The package dowloadeboklosenemigosdelcomerciobyantonioescohotado6t2l4 was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 4:38 a.m.11 views

Malicious code in @uipath/widget.sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e72fd5223273f42c47db6b5b8217e2cdce8589d9cf9545621606c249facc6ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/12 12:23 a.m.11 views

MAL-2026-3440 Malicious code in @squawk/airways (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a54989a6191f1d94771608b8f3552bda56715631b5a25aa301da35cd1ccd869b The package @squawk/airways was found to contain malicious code. Source: ghsa-malware d2d4644fde6979be241ba839c52ea3532ef3b0b25355b239ade4e1dafd9e272...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/12 12:19 a.m.60 views

MAL-2026-3435 Malicious code in @squawk/airport-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a12035131eafd29a07572751653f857706ac1b113fcbd498a70f54d96d5276cc The package @squawk/airport-data was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/11 11:56 p.m.15 views

MAL-2026-3475 Malicious code in @tanstack/router-devtools-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/04 1:43 a.m.6 views

MAL-2026-3277 Malicious code in edj-shopify-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0e23978c8bb0369f485f8c3e2384f10d9e649d13a3c198475ace4184c3757a5 The package edj-shopify-theme was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Rows per page
Query Builder