Lucene search
K

589 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1ed9c23f2c82d9e91d783110274aff10788de9e0e9a783964702ea26c7b1cc4 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 248f82bac5fecfd3cc8e27d3c4cc6f48f310aef9c069e64cc33a407cd79369bb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/07/07 3:34 p.m.6 views

MAL-2026-6937 Malicious code in nuxt-fonts-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6ede5024b6ee71356eedb3dfb3bb648682901bf6b966bbe353daff6082ecc85 Package ships only a package.json and a readme; there is no main entry, no bin, no scripts, no dependencies, and no executable code. The readme...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:34 p.m.7 views

MAL-2026-6934 Malicious code in load-nuxt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5e95bb337136d6bfafcd6f21bb8cb1d98da703f7e20b851b3af82876018ffac Package name resembles the Nuxt ecosystem's helper naming 'load-nuxt' and is published at version 99.0.3, a version-number shape frequently used in...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:34 p.m.9 views

Malicious code in some-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97420170b95f54c404226b47901bbd45ec03ed0a427369b50add75297a2dcb80 Package [email protected] was scanned across 2 files with no a static rule matches and no behavioral findings. No install-time lifecycle execution, n...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:34 p.m.8 views

MAL-2026-6941 Malicious code in shopify-internel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb1d4e4e70cff6efbfec48cbf205e071c73a70003863e2293dbf7035547f560 Package name 'shopify-internel' is a one-character misspelling of 'shopify-internal' and appears to squat on the Shopify namespace. The tarball...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/07/07 1:59 p.m.5 views

MAL-2026-6922 Malicious code in mcp-server-pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d68bdfced357622e33e4608bd35ded4d8988ea6dc7da073b3a83075978815d On npm install, scripts/postinstall.js unconditionally reads a range of installer-owned identity and configuration files and POSTs a JSON payload to ...

6.1AI score
Exploits0References22
OSV
OSV
added 2026/07/06 7:0 p.m.6 views

MAL-2026-6905 Malicious code in winston-prism (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06134c2a9c642914c91312e4d0184158fda282ec1bb3715fc143e7834993e266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:57 p.m.7 views

Malicious code in secure-box (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fac79042697157915144f205c342b79f8a019218c45580224a85c045c03fea9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:56 p.m.7 views

Malicious code in pino-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:55 p.m.5 views

MAL-2026-6857 Malicious code in npm-doc-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd9478699eb0ff355280d938bef68818018c0c5cb579b3c144f6c0e134dfad1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @hg-aka-prml/tapas-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0283140e8754f9cdc894794ae19307cf6235508d8f8cc75d97b900c1469d9393 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:50 p.m.7 views

MAL-2026-6620 Malicious code in @finantix/webcomponents (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78f0e6feec707d8b1faaf2926aaeeb7ffc74ba086a917eecd010988211e91de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.9 views

Malicious code in data-fetching-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 913d882d66d587abb1d6fe92b8b6d7353c1b4ae79fb175cc3f10b606dd5f8457 Package self-identifies in its package.json description as a bug-bounty dependency-confusion proof-of-concept against an internal package name of the...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/25 2:16 a.m.3 views

MAL-2026-6407 Malicious code in @su-doughnym/hubspot-loginui-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72fa1e159f93bb8a1336dc48fe329f3a7801ebf56a49620ce67fd013ea8995ae Package is openly labeled a dependency-confusion proof-of-concept and uses a high version number 99.99.99 consistent with that intent. The preinstall...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:23 a.m.7 views

Malicious code in multer-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b4df9cf15644bbea3ed944cbf168fdbad1619d0c3e10fff653b0d48c10bbb3 Package name 'multer-express' is similar to the widely used 'multer' middleware for Express. No malicious code patterns, install-time hooks, or...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:5 a.m.10 views

Malicious code in @mastra/agent-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ba6a41e7e43733a8334968ce740af8771208c66c7529d9f4319bd62e39601d @mastra/[email protected] declares a dependency on 'easy-day-js@^1.11.21' in package.json, but the package's own compiled code in dist/index.js nev...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:56 a.m.11 views

Malicious code in @mastra/nestjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cce4b38ce42c23095f722a3fd011dcd5070230e430bd5ef2be73c0eb943f79d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:55 a.m.15 views

MAL-2026-6015 Malicious code in @mastra/deployer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ada3444d44067bbe5085e0892f7885b106c016c114676c2601b15bbb52ce4a4 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.17 views

Malicious code in @mastra/sentry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08da35ae5d7bc21a7de70c2ed41f52a7a399a58fc26577835f8577fd0053136d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
Rows per page
Query Builder