CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 3 days ago•3 views

MAL-2026-5366 Malicious code in zer0one-dnslog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 903c45d49e6716373a67196c41e8acfbf8afa3320a635380ffe3403e8f127605 The package is published as a 'simple date formatting utility' but ships a postinstall payload that, on npm install, runs a curl pipeline against clo...

5.6AI score

Exploits0References10

OSSF Malicious Packages•added 4 days ago•5 views

Malicious code in @solana-labs/web3-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d11c336c71c73260c2daa9233636b07bc81badb0b9f54b13241f719710a7f5d4 Package name @solana-labs/web3-js impersonates the legitimate @solana/web3.js and index.js simply re-exports the real package as cover. The postinsta...

6.1AI score

Exploits0References7

OSV•added 4 days ago•2 views

MAL-2026-5363 Malicious code in @solana-labs/web3-js (npm)

6.1AI score

Exploits0References7

OSV•added 4 days ago•4 views

MAL-2026-5362 Malicious code in @solana-labs/etherjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c086a8d2c3022bc55743fdca944c8810b997ec203e8742606bf14cccee721db Package is published as @solana-labs/etherjs but its README documents itself as @solana-labs/web3.js and instructs consumers to import Connection,...

5.7AI score

OSV•added last week•8 views

MAL-2026-5188 Malicious code in hello244a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0816d6d3c6e3a2474dad6d42b1394acee44aa51824aa01e873bcd1060fd1982 The package's package.json declares a preinstall lifecycle script that runs wget --quiet...

5.6AI score

OSV•added 2026/06/02 4:30 p.m.•7 views

MAL-2026-5168 Malicious code in vg-interaction-model (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261 The OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 npm as malicious. It is considered malicious because: - The...

OSSF Malicious Packages•added 2026/06/01 6:30 p.m.•10 views

Malicious code in align_rest_api (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a3b4fd5fe3e581dc76f4fbe187da4427e159ff73a717a99c2f519af87ca7b2c8 The OpenSSF Package Analysis project identified 'alignrestapi' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The packa...

OSSF Malicious Packages•added 2026/05/28 2:25 p.m.•14 views

Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

OSSF Malicious Packages•added 2026/05/27 4:45 a.m.•9 views

Malicious code in editorial-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...

OSV•added 2026/05/27 4:45 a.m.•5 views

MAL-2026-4830 Malicious code in editorial-code (npm)

OSV•added 2026/05/27 4:35 a.m.•6 views

MAL-2026-4832 Malicious code in mse-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a953627a77037de50d82384daca1d98d101c4c09b315ab91fd597a43557fbd99 The OpenSSF Package Analysis project identified 'mse-authentication' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

OSSF Malicious Packages•added 2026/05/27 4:35 a.m.•8 views

Malicious code in mse-authentication (npm)

OSV•added 2026/05/27 4:25 a.m.•4 views

MAL-2026-4831 Malicious code in editorial-mse-authentication-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a97fd474e8661c575287f7cc9fddd0ee1ac95240c13653555ca2b416e895b99a The OpenSSF Package Analysis project identified 'editorial-mse-authentication-ui' @ 99.0.1 npm as malicious. It is considered malicious because:...

OSSF Malicious Packages•added 2026/05/25 6:12 p.m.•8 views

Malicious code in @databus-service-ui/ui-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b82b3af71dce087a185cffa6f3691ad5a4e4c3d9e35154070ef4ad0dd4f15b10 scripts/postinstall.js performs two install-time attacks against any machine that runs npm install. 1 Credential exfiltration: it iterates process.en...

6.4AI score

OSSF Malicious Packages•added 2026/05/25 5:31 p.m.•10 views

Malicious code in verify-mycommand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f94ffb54a2471d0cc94ce1ea88f741e034221a374f17bfadbd609cb22f14f24 On npm install, postinstall.js executes whoami and id, collects host identity hostname, platform, cwd and CI metadata CI, GITHUBREPOSITORY, NODEENV...

OSV•added 2026/05/24 7:40 p.m.•5 views

MAL-2026-4289 Malicious code in @stockrepublic/republic-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...

OSSF Malicious Packages•added 2026/05/24 7:40 p.m.•8 views

Malicious code in @stockrepublic/republic-components (npm)

OSV•added 2026/05/24 6:38 p.m.•7 views

MAL-2026-4290 Malicious code in clipboard-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...