CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/29 6:37 a.m.•11 views

Malicious code in tiny-naturalsort (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ecbb6057e556f6985eb20768788e9f7dcf6146b3fdbe703653ce0d52c2a4a31 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

OSSF Malicious Packages•added 2026/05/12 12:59 a.m.•11 views

Malicious code in git-branch-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dab170d586455af0816362e715de0907ddaa19adb87c68ef59255139322dde69 The package git-branch-selector was found to contain malicious code. Source: ghsa-malware...

5.8AI score

Exploits0References6

OSSF Malicious Packages•added 2026/04/22 1:58 p.m.•6 views

Malicious code in @automagik/genie (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a6e7702eae0e8ff480f6f47624128cb3bf2ad5934d6c6a9a5481f3ac424db40 The package @automagik/genie was found to contain malicious code. Source: ghsa-malware 00207299cc0b9ee634f5850f194f399c6164fd4621989a43f8e5f9353d3707...

OSSF Malicious Packages•added 2026/03/16 12:0 a.m.•4 views

Malicious code in transform-jscript (npm)

The package 'transform-jscript' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score

Exploits0References3

OSSF Malicious Packages•added 2026/03/03 4:20 a.m.•7 views

Malicious code in openclaw-droid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44b4e03b9d39603b2f92afff328117f480b35edd9fa3b64b40d6175b3432906 The package openclaw-droid was found to contain malicious code. Source: ghsa-malware a9462b166b838e565ac3aeb11533c69cb1168a95efc54468c0ed81628d080281...

OSSF Malicious Packages•added 2026/03/03 4:8 a.m.•9 views

Malicious code in xpack-subscription (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62edc6bb089c839e93cf7b71b8b46ca1f5d064272cac586b49cda41fc40b1c19 The package xpack-subscription was found to contain malicious code. Source: ghsa-malware...

OSSF Malicious Packages•added 2026/03/02 3:46 p.m.•6 views

Exploits0References2

Malicious code in ts-big-number (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a6ea1bec80a1e6f2dd3ee69a62602237f916e6b2877e126e18d8ef5b7f691 The package ts-big-number was found to contain malicious code. Source: ghsa-malware 490d5033b9169ec80de58a0c2bb8bdbfe435f06200e0b7cc729ce393f2449d40...

OSSF Malicious Packages•added 2026/02/27 4:29 p.m.•5 views

Malicious code in dgxeon-soket4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c38e017a1a49fe2e8fa61441a0f35d77a1b7052475fffefecca2fa4248a54c58 The package dgxeon-soket4 was found to contain malicious code. Source: ghsa-malware 1efad9e444be88f0b8912153564d4feb2b0dff3063ec3bb5f0750731faec1057...

5.9AI score

OSV•added 2026/02/04 4:41 a.m.•3 views

MAL-2026-713 Malicious code in react-sdkk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5be5e5cc941dec9a36d78d9de45e31cd604e0efacd37d1b78b62e452689b2cb7 The package react-sdkk was found to contain malicious code. Source: ghsa-malware 60e38e54e0f061a0da679900787b26c8949e350345b5ae5e12688321574bd4c7 Any...

5.5AI score

OSV•added 2026/01/09 3:3 a.m.•4 views

MAL-2026-183 Malicious code in yunxohang11 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bcda0e592de29bfcadb36b9fc15f8e9286e6a900d24e8bfc6c377e6ed2c92c1 The package yunxohang11 was found to contain malicious code. Source: ghsa-malware fb0d6761dd8d1cd805af3477c095b5c7acdd92dd5eb9b0aa1c877e65f8ded822 An...

OSSF Malicious Packages•added 2025/12/10 1:58 a.m.•5 views

Malicious code in facts-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fd985aa898a134a3edaeb33d9629378a215a674e8110bb88fbbdfce59c8883e The package facts-base was found to contain malicious code. Source: ghsa-malware 11ed9b0a6622d128df892c963646c0dd03c4a65ddd22b4ac0aebea5d9f4b0adc Any...

OSV•added 2025/12/04 6:0 a.m.•2 views

MAL-2025-192295 Malicious code in elf-stats-jubilant-ornament-641 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b627f81ef3d4b49b83a86d60778eb2510e4d1cc4a7d0786394c115f194b9264 The package elf-stats-jubilant-ornament-641 was found to contain malicious code. Source: ghsa-malware...

OSSF Malicious Packages•added 2025/11/24 10:30 p.m.•8 views

Malicious code in jquery-bindings (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31127dd6191c9d3e68e94d705b43d24066f06f37b41f659a5a6831a8a811fc11 The package jquery-bindings was found to contain malicious code. Source: ghsa-malware eb6c4671167bd91b31b632f661a4bc8a3d627412796b9899fae3d0797eb51e3...

OSSF Malicious Packages•added 2025/11/05 1:40 a.m.•4 views

Exploits0References4

Malicious code in bcryptjs-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0be16faac6783f82014ca8cf99ad85fccf1d5e8a161d5b601a50ae9d6376727 The package bcryptjs-node was found to contain malicious code. Source: ghsa-malware 9ed37910e4f94c2d5eb3552347636ce0b38ce92c42cb7abf643ca2cffd60e8af...

OSSF Malicious Packages•added 2025/10/29 11:52 p.m.•2 views

Malicious code in ethetsjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dbf1d245815ae5573ce88fea42cb604308fd2473b55ebb63f823d33796cff6bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.6AI score

Exploits0References2

OSSF Malicious Packages•added 2025/10/29 10:47 p.m.•5 views

Malicious code in xo-validation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a2dc971622a44de97536e68fb7287ef32a7a1bdabe0d0386eadf248219cea54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2025/10/29 10:46 p.m.•3 views

Exploits0References2

Malicious code in airbnb-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8bdd7ff1ebc82ab66444ee41ee81408d4c29440e9a5662b9d11c4734d8a3a0c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2025/10/20 3:33 a.m.•3 views

Exploits0References4

Malicious code in hari-zzz (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 81362ae48dc13755d39b24433b10aae444d143cf59e5e9a66a68f303fb5bfe7d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2025/10/10 3:37 a.m.•4 views

Exploits0References3

Malicious code in @evo-tech/backoffice-test-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 931d6e176eaebf4b172dba6fd81800d7257f741ffad464c014dc9fcd085bcba4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...