Lucene search
K

1082 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in sixseven10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21936e53270838d4901646de1e1c3eef9212055032d3cead428cbf3bfd60b9ed The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-10386 Malicious code in testdonotredeemit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in ishowfeet20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57470f610cd7e988daef50a3a2587778f3dce2cb1584572d4a1795876f9cf6fe The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in howmanygreatbritain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66707a972e4b6d232236d552157967ca09de229587cb90ca80ab1a1cac83fd22 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in ishowfeet1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49cfb64273573166bc38b5ef83b722b3a264c8e19870fc65b35eaaa5504a69bf The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in sixseven3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c8f4197e26649b629a6605099f9ca45ff63f04e58e5021a0f1ed410ac56cfd1 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in backup2-asd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6fe96add7d70ce5933988f1c78b934187e279d88618bd3f211de3d719177168 The tarball published as [email protected] is a Vite-built browser application branded 'Lucide' rather than a Node library. package.json declares mai...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in authvaultx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6c707d53e30a333f8b8cf03ac2480eee3e2fa9c3c3164b1a100d333c91f9f3a On require of authvaultx main: auth.js, which loads lib/writer.js, top-level code attempts to load the separately published npm package...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in marked-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bfc3b729c08e0882fe0f653f436c2b7e1fdae0379748c12e0f9266f6c69c963 The postinstall script scripts/install-check.cjs fetches a JSON config from https://trabalhos-flax.vercel.app/config/clob-math.json read from...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added last week11 views

Malicious code in vite-json-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f9204782dfa050ba762ce8c8a35c01e9f7b1e8bf82e140854d182f9614080b6 [email protected] impersonates the legitimate vite-plugin-pwa package author metadata claims 'inna voik' while funding/homepage point at the real...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 4:19 p.m.13 views

Malicious code in whs4_pnm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47d72187d8b59a9a40cb8397d064bc7319b20e19ee7d48b870432bd96952b089 The package declares a postinstall script node index.js that runs unconditionally on npm install. The script POSTs the absolute filename path which...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 4:7 p.m.9 views

Malicious code in polytrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bb6b9a4e70c868e150f06160b187915bcdeb6c9c8f95095af4766dde92f96c5 [email protected] advertises itself as a Polymarket API SDK, but the exported getPlugin function in index.js issues an HTTP request to...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:6 p.m.11 views

Malicious code in crypto-base58 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7da752b2532b67e824f8904ffce7618b074a6a58746099b36b4ee547d936c8d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/07/07 1:59 p.m.5 views

MAL-2026-6922 Malicious code in mcp-server-pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d68bdfced357622e33e4608bd35ded4d8988ea6dc7da073b3a83075978815d On npm install, scripts/postinstall.js unconditionally reads a range of installer-owned identity and configuration files and POSTs a JSON payload to ...

6.1AI score
Exploits0References22
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 7:4 p.m.8 views

Malicious code in xnder-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0aeeac149a5afa4797eea935b2a54b66fcf2cfd939fce855655208245ba9e5a7 The package's index.js is heavily obfuscated string-array shift/rotate pattern with hex-encoded indices and a while!! decoder loop. Obfuscation of th...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:58 p.m.8 views

Malicious code in syncora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fad6a402b2081c7bd35f082e81588979985d9e4b458e0a34794e50f4acc14fd7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:57 p.m.4 views

MAL-2026-6875 Malicious code in secure-box (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fac79042697157915144f205c342b79f8a019218c45580224a85c045c03fea9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:57 p.m.9 views

Malicious code in safe-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7501c4aac0734efb1103573bfcd7e85fa6bb251510656c94bc9ceb747c009d2 The package advertises itself as a zero-dependency TypeScript validation library, but lib/index.js unconditionally requires lib/schema/bootstrap.js a...

6AI score
Exploits0References5
OSV
OSV
added 2026/07/06 6:1 p.m.7 views

MAL-2026-6797 Malicious code in mongoose-lean-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 540ace1cb8bc936ea953554a9ffc28203370f82cb5e5a7dfbf1454bf0e834b9a On require'mongoose-lean-hooks', the package's main entry index.js runs a top-level async IIFE that issues an HTTP GET to...

6.5AI score
Exploits0References5
OSV
OSV
added 2026/07/06 12:0 a.m.8 views

MAL-2026-6938 Malicious code in pinokio-redis (npm)

pinokio-redis is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...

6.1AI score
Exploits0References4
Rows per page
Query Builder