MAL-2024-1560 Malicious code in pwnkunwar (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5f9675a84c2761533cd05e6f893b3df1e793d224ed0a0cc1548432bc75273a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1615 Malicious code in braintree-utilities (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ba47f404b8012a3baa206a37fd59066ff35442cb95da8ba7bd1b44a6b9a7968 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in testpentesting123xyz (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 36685d552523fa8f2d9de645b437d7cecf143d10232afb786da7ff9d224afc2a The OpenSSF Package Analysis project identified 'testpentesting123xyz' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
MAL-2024-1398 Malicious code in drata (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 646cbea8c3285f55f7f26b096cd9a63f91fdf4c4b06370aa92226ea3316bebba The OpenSSF Package Analysis project identified 'drata' @ 1.0.0 npm as malicious. It is considered malicious because: - The package communicates...
Malicious code in pinyin-pra (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9b8720c87d902e268ccf6e9db13f00285998cf35b280a6851ef9c3c23b3f0d6b The OpenSSF Package Analysis project identified 'pinyin-pra' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1390 Malicious code in hello-1st-anni (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7324e12f4247915474315b0c6446c86c97ef20bca17e3baa9b31478fc7e612d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1386 Malicious code in tec-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 125ddb22e15354e2319586116faa892343d4a86c8f79c9d6ed274d9acfb5f20d The OpenSSF Package Analysis project identified 'tec-docs' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1382 Malicious code in cst-web-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f29459986483506a5bda069545676e4bfc990a37afd3dc286ba0e882cc4c8442 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in by-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bbe17032deb287c69fb57c7e240590cb829a046c49e904b65d01686694636d5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1341 Malicious code in dependency_confusion123 (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4d13afb7306711deba7679787e9c867a3285ab9deabbf0d1efcf452427cd004 The OpenSSF Package Analysis project identified 'dependencyconfusion123' @ 9.9.9 rubygems as malicious. It is considered malicious because: - Th...
MAL-2024-1333 Malicious code in threadxpools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 41a0be6e9aa8db3965bae9f646d47ad6cb85ac9600c8bd71358409062b8fe105 The OpenSSF Package Analysis project identified 'threadxpools' @ 1.2 pypi as malicious. It is considered malicious because: - The package...
MAL-2024-1352 Malicious code in @aluffyz/discord-botjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 19d4e14d28ee6d6844110ceb637db248af639739f0215ffe4336c12482e453fb The OpenSSF Package Analysis project identified '@aluffyz/discord-botjs' @ 1.4.5 npm as malicious. It is considered malicious because: - The...
MAL-2024-1330 Malicious code in elk-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aaece47ca73a2646b0cb728b7816026ec3135f48e18054950dce89f8bf9073b0 The OpenSSF Package Analysis project identified 'elk-uikit' @ 99.99.1 npm as malicious. It is considered malicious because: - The package execut...
MAL-2024-1332 Malicious code in uidm-react-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 46d06a0532602d59ada5b5296d3344ff79c9be233ff036127aad80ba624e6e95 The OpenSSF Package Analysis project identified 'uidm-react-lib' @ 99.99.1 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1313 Malicious code in not-exist-lykos-poc2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9fdf307a333300d88cdb5031c5f135a2fe51e2a01d4db763c2d1457111ce9fe4 The OpenSSF Package Analysis project identified 'not-exist-lykos-poc2' @ 66.6.9 npm as malicious. It is considered malicious because: - The...
Malicious code in discord.js-hex (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 015a5d02bee306302c82f2de4541e008c6ebcc61804819bf894aac181a1c9eac The OpenSSF Package Analysis project identified 'discord.js-hex' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1274 Malicious code in ui-common-components-angular (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0d823ab954cd19f85bb933d25f8230386023a6a1fd15430efce0298f6a25aa9 The OpenSSF Package Analysis project identified 'ui-common-components-angular' @ 1.3.1 npm as malicious. It is considered malicious because: - T...
OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects
By Deeba Ahmed. Alarming social engineering attacks target critical open-source projects! Learn how to protect your project and the open-source community from takeovers. This is a post from HackRead.com. Read the original post: OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects...
MAL-2024-1254 Malicious code in reqargs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9d1ba9bc54763d8ec8336f0edc8d5997d5fb080801556f288a4935dac06d4878 The OpenSSF Package Analysis project identified 'reqargs' @ 1.4 pypi as malicious. It is considered malicious because: - The package communicate...
MAL-2024-1198 Malicious code in locus-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ae618c99394568c62b082d0c55c5da01da065e9ad01343f5737caf05685612b8 The OpenSSF Package Analysis project identified 'locus-website' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...