
19558 matches found

OSV
added 2026/06/09 9:31 p.m., 10 views

MAL-2026-5488 Malicious code in react-pinojs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db767edd3581eec08793cb669f0ec59351e61f31501b6d4287b86baea512bb63 Package impersonates the popular pino logger homepage points to getpino.io, description mimics pino's tagline and executes a remote-code-execution...

AI score: 6
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/09 8:34 p.m., 18 views

Malicious code in mcp-server-notion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2 Package occupies the unscoped name mcp-server-notion to catch misrouted installs of the scoped MCP Notion server. package.json declares "postinstall"...

AI score: 5.5
Exploits: 0, References: 2
OSV
added 2026/06/09 8:32 p.m., 24 views

MAL-2026-5466 Malicious code in getd-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...

AI score: 5.5
Exploits: 0, References: 1
OSV
added 2026/06/09 8:29 p.m., 7 views

MAL-2026-5469 Malicious code in getd-transactional-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e89f2411faf9265508a84772d5667bb3095cf28937bb9e9ab80a215ff4208 On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying os.hostname,...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 8:29 p.m., 9 views

Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

AI score: 5.5
Exploits: 0, References: 1
Snyk
added 2026/06/09 6:33 p.m., 5 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free in the certificate verification path, in the TLS client's OCSP stapling response handling. An attacker operating a malicious server can deliver an OCSP response via the status_request extension that corrupts heap memory and...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00245
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/09 5:40 p.m., 8 views

Malicious code in @nstrlabs/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de7b47a7f81209dbbaff286599b46f4f030ff992b6d0c25d947cc84739b838d9 @nstrlabs/[email protected] is a hollow package whose only behavior is an install-time exfiltration beacon. package.json declares "preinstall": "node...

AI score: 5.5
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/09 4:9 p.m., 10 views

Malicious code in @0xlr/sentry-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cda998358d5cfe20dc0c060f7e212e44ee41e6f369f42c15badbfdd7b796744 On npm install, this package automatically executes postinstall.js, which enumerates the entire process.env every environment variable, including CI...

AI score: 5.5
Exploits: 0, References: 1
OSV
added 2026/06/09 4:9 p.m., 8 views

MAL-2026-5387 Malicious code in @0xlr/sentry-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cda998358d5cfe20dc0c060f7e212e44ee41e6f369f42c15badbfdd7b796744 On npm install, this package automatically executes postinstall.js, which enumerates the entire process.env every environment variable, including CI...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 4:7 p.m., 12 views

Malicious code in @0xlr/clerk-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff421a5ccb412fd8455e89a1b9875b427ed34af12fa4b188ed4418cd8f52a74 On npm install, postinstall.js enumerates the entire process environment (Object.keys(process.env).sort().forEach) along with hostname, username, home...

AI score: 5.5
Exploits: 0, References: 1
OSV
added 2026/06/09 4:7 p.m., 12 views

MAL-2026-5385 Malicious code in @0xlr/clerk-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff421a5ccb412fd8455e89a1b9875b427ed34af12fa4b188ed4418cd8f52a74 On npm install, postinstall.js enumerates the entire process environment (Object.keys(process.env).sort().forEach) along with hostname, username, home...

AI score: 5.5
Exploits: 0, References: 1
OSV
added 2026/06/09 4:7 p.m., 13 views

MAL-2026-5386 Malicious code in @0xlr/prisma-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b993c29d90c2ecfffaa9ed55b99c38e5351052e619b79ad2a385d6c72376f0f4 On npm install, postinstall.js enumerates all of process.env, collects hostname, username, homedir, cwd, argv, platform/arch/release, memory and CPU...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 4:7 p.m., 11 views

Malicious code in @0xlr/prisma-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b993c29d90c2ecfffaa9ed55b99c38e5351052e619b79ad2a385d6c72376f0f4 On npm install, postinstall.js enumerates all of process.env, collects hostname, username, homedir, cwd, argv, platform/arch/release, memory and CPU...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 4:7 p.m., 10 views

Malicious code in @0xlr/vercel-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fda046018b2c121cb96e157cadce6d8aee695beb7086008140da0a9c6eebc938 On npm install, postinstall.js enumerates every process.env variable (including credentials such as AWS, NPM_TOKEN, GITHUB_TOKEN and other CI tokens) and...

AI score: 5.5
Exploits: 0, References: 1
OSV
added 2026/06/09 4:7 p.m., 8 views

MAL-2026-5391 Malicious code in @0xlr/vercel-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fda046018b2c121cb96e157cadce6d8aee695beb7086008140da0a9c6eebc938 On npm install, postinstall.js enumerates every process.env variable (including credentials such as AWS, NPM_TOKEN, GITHUB_TOKEN and other CI tokens) and...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 4:7 p.m., 10 views

Malicious code in @0xlr/stripe-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eda7bf8681a6253ffc4bc965888e45c5374e4ba8d4fe2e17efcd0f227d7ce5e On npm install, postinstall.js enumerates every entry in process.env sorted, bundles it with hostname, username, homedir, cwd, argv, and platform/arc...

AI score: 5.5
Exploits: 0, References: 1
OSV
added 2026/06/09 4:7 p.m., 12 views

MAL-2026-5389 Malicious code in @0xlr/stripe-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eda7bf8681a6253ffc4bc965888e45c5374e4ba8d4fe2e17efcd0f227d7ce5e On npm install, postinstall.js enumerates every entry in process.env sorted, bundles it with hostname, username, homedir, cwd, argv, and platform/arc...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 4:7 p.m., 8 views

Malicious code in @0xlr/stripe-checkout-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65b2bf8dcdc0fc9b8fdbf14bbf58a011707a4425cf0029867e28067c08ef5566 On npm install, postinstall.js enumerates the full process.env keyspace plus host identifiers os.hostname, username, homedir, cwd, argv, OS details a...

AI score: 5.6
Exploits: 0, References: 1
OSV
added 2026/06/09 4:7 p.m., 10 views

MAL-2026-5388 Malicious code in @0xlr/stripe-checkout-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65b2bf8dcdc0fc9b8fdbf14bbf58a011707a4425cf0029867e28067c08ef5566 On npm install, postinstall.js enumerates the full process.env keyspace plus host identifiers os.hostname, username, homedir, cwd, argv, OS details a...

AI score: 5.6
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/09 4:6 p.m., 12 views

Malicious code in @0xlr/supabase-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0feb7f8ea3069b0e830043fea195c088ea28709cc18a32676f389c61a15fc84c On npm install, the package's postinstall.js script enumerates all of process.env and collects host identifiers os.hostname, username, homedir, cwd,...

AI score: 5.5
Exploits: 0, References: 1