Lucene search
+L

28 matches found

Snyk
Snyk
added 2026/06/06 9:0 p.m.15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/05 12:53 a.m.16 views

MAL-2026-5202 Malicious code in @ethlete/query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d3334de45d8864ad96963e00aa263c3c1b09678abe9317058965a2b6b026abd The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5201 Malicious code in @ethlete/dsp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70c5d7385124d81ab784d06593b0df8f05d245c165ea1ebfee9cb6b49b817ab0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.16 views

Malicious code in create-cf-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d9884f6d63e063d1320b8d8efbfb8852f00bd3c18c87b03b445f6978897570 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.26 views

Malicious code in @forjacms/sections (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c21dd7e7453f68aa7240f5ec40de3a37683b0a9655d0218a094c528e042766f The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.20 views

MAL-2026-5230 Malicious code in autotel-subscribers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374da77433b452664266e009188064316b6defdcb0ee4b7e391a158a0a5ca6bf No concrete installer-harm signals were identified in this version of autotel-subscribers. There is no observed lifecycle script fetching remote...

6.2AI score
Exploits0References31
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.18 views

Malicious code in autotel-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f318ba7cb2f7115530a39f61c409a81a0f2bf94aa552e4a0ac6a0b21570b822 No concrete installer-harm signals were identified for this package version. Coverage of the package contents was partial, so a definitive...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.14 views

Malicious code in eslint-plugin-executable-stories-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f57bad4c5897c34b725457a558ebfe9df86ff8092f5bfd36b1568d6dc5e84da8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.15 views

Malicious code in @ethlete/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8f99e5213b116197421a47e5d43675c1772592479e5646e6683f28ca5e77873 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.19 views

Malicious code in awaitly-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3015c3afc4f26f62482274726cb1ce34f803abd4b7e84a6eb7e0c802e8c8b7df The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References26
OSV
OSV
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5266 Malicious code in node-env-resolver-vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebb20ec41cd318dc4b8958df0ddc5c86e5fede7c4ee3c7ced1439aad3e943b97 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.10 views

MAL-2026-5255 Malicious code in executable-stories-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc974c5748dbf6c421d343ec3924e31bcc8a56a1202e59818e5282bc239a14f2 [email protected] ships a bundled HTTP server module dist/http.cjs and dist/http.js where pattern matchers flagged co-occurrence of...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.12 views

MAL-2026-5214 Malicious code in autotel-aws (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e356eee42d8cb9a80967237c11de3358548389fe2e413f1bbc3fae630c7d28f8 No concrete installer-harm signals were identified in this package version. No lifecycle hooks fetching external code, no credential-path reads, no...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5222 Malicious code in autotel-hono (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5d4817f36d8b16c1ecf07488650333e0cf46bf1b5f45a1a9f15079575424225 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5261 Malicious code in mountly-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e398eaa72f57a4536d3bb3c64f27de01f4a1d91cf64c65f10b8949dcfb4cfb91 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.9 views

MAL-2026-5267 Malicious code in wrangler-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d2085fa4916157b99799df085aa11e3d29bdb9a47f5798c85375b1bfdf8bd7e Package name wrangler-deploy is close to Cloudflare's official wrangler CLI, which raises confusion-risk concerns for developers who may install it...

6.2AI score
Exploits0References3
Snyk
Snyk
added 2026/06/02 9:0 p.m.17 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
HackRead
HackRead
added 2026/05/13 3:18 p.m.12 views

TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages

Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/11 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Rows per page
Query Builder