Lucene search
+L

2407 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 9:54 a.m.15 views

Malicious code in ltidiconf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4ca306052ea5224831743daec9d3944fadff8cb4a7211e980be7669a739d00d [email protected] is an empty wrapper package index.js is module.exports = ;, empty author/description, inflated 99.9.1 version whose sole effect on...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/14 9:54 a.m.12 views

MAL-2026-5767 Malicious code in ltidiconf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4ca306052ea5224831743daec9d3944fadff8cb4a7211e980be7669a739d00d [email protected] is an empty wrapper package index.js is module.exports = ;, empty author/description, inflated 99.9.1 version whose sole effect on...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/12 1:41 a.m.14 views

MAL-2026-5682 Malicious code in coral-wraith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0e5e4aa66ffeb1481fd587c96f596a227c9388b86b3a3443749b5ec9eb09f1 The package's postinstall.js runs at install time and performs a credential-harvest + host-tampering chain against the installer. It enumerates npm...

5.6AI score
Exploits0References48
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:15 p.m.14 views

Malicious code in worker-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e11b6161f4fe3c591bddadbf275003eaac33a1478cda408ac51d85230292e6d package.json declares "postinstall": "node main.js", so installation of [email protected] unconditionally executes main.js on npm install. main.js...

5.4AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:26 a.m.14 views

Malicious code in @whatnot-web/www-legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fe99986935f0b2d200c3192dfc07fc1b6da96c78ac8a4f0a67aa23771e82709 @whatnot-web/[email protected] is a dependency-confusion shell targeting the Whatnot org scope. The package ships an empty library index.js exports ,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 8:25 a.m.15 views

Malicious code in edu-npm-dependency-chain-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2a7d2f1e015cb530cbc560ff593abba9ecbdde04868643cc1f46c7c23b7252d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ossf-package-analysis...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/08 4:16 p.m.10 views

MAL-2026-5367 Malicious code in odoo-addon-spp-base (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6e43f21a6bdcbb6cfa1837833232c9888fb8012bd2ebae8607a6d08eaee9f06 No suspicious behaviors were observed in this package. There are no install-time or import-time network calls, no credential or filesystem access...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 2:0 p.m.15 views

Malicious code in @listings/energy-labels (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41caac3ab1f9c35a72841357174aeeec16c142c08cc28030a875b2dba85f04ba The package declares "preinstall": "node index.js || true" in package.json, so on every npm install the script executes automatically and silently...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/07 10:25 a.m.15 views

Malicious code in sequoia-engineering (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a706c7d699bedaaabe5ce16ce9c2c8f8ccf11d3d0cafda0bf1ff3d27192d9772 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.1AI score
Exploits0References1
OSV
OSV
added 2026/06/07 6:24 a.m.10 views

MAL-2026-5363 Malicious code in @solana-labs/web3-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d11c336c71c73260c2daa9233636b07bc81badb0b9f54b13241f719710a7f5d4 Package name @solana-labs/web3-js impersonates the legitimate @solana/web3.js and index.js simply re-exports the real package as cover. The postinsta...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/07 5:44 a.m.9 views

MAL-2026-5362 Malicious code in @solana-labs/etherjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c086a8d2c3022bc55743fdca944c8810b997ec203e8742606bf14cccee721db Package is published as @solana-labs/etherjs but its README documents itself as @solana-labs/web3.js and instructs consumers to import Connection,...

5.7AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 8:6 p.m.18 views

Malicious code in unifi-portal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4c0cbc81f0d9b1df2dae7252888e87e046c36d049f2792dc7fc49d72ec1d9c6 Package is a self-described dependency-confusion proof-of-concept published unscoped on the public npm registry under a name presumed to match a...

5.4AI score
Exploits0References3
OSV
OSV
added 2026/06/06 8:6 p.m.26 views

MAL-2026-5289 Malicious code in unifi-portal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4c0cbc81f0d9b1df2dae7252888e87e046c36d049f2792dc7fc49d72ec1d9c6 Package is a self-described dependency-confusion proof-of-concept published unscoped on the public npm registry under a name presumed to match a...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 7:29 p.m.19 views

Malicious code in encrypted-archive (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c60d89261c09dc6eaea0a3af26af55519421cb927a1b8183009d09b2d4e99b94 On npm install, the package executes a preinstall hook package.json "preinstall": "node index.js || true" that runs index.js, which performs a DNS...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/06 7:29 p.m.21 views

MAL-2026-5288 Malicious code in uisp-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 351b32a85d024168970d1a2e8b7c9c5e6ff6f1d31191390f248a988d9ea6b9a9 package.json declares preinstall: node index.js || true, causing index.js to run automatically on npm install. index.js issues a DNS resolution and...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 12:5 p.m.16 views

Malicious code in cms-store-ren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3593e36ce898d648883ea6f911a5cec1f75f9e8bda5585f7ff5f8754c821de The package's scripts.install runs install.js on every npm install. The script unconditionally POSTs the installer's hostname, OS, and architecture t...

6.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/03 8:50 a.m.19 views

Malicious code in brave-search-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7d65e78a73a4cc2064d0ab9210a76c7c55f69553b70879dd649d7ad84e48dc0 The OpenSSF Package Analysis project identified 'brave-search-mcp-server' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/02 11:40 a.m.12 views

MAL-2026-5166 Malicious code in sourceflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c32024f2d571ac850d0e9a7240951137c14d1f1529ab3e0f782ff677a5625ea package.json declares a dependency ltidisafe resolved directly from a raw tarball URL on a generic Google Cloud Storage bucket...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/02 11:20 a.m.13 views

MAL-2026-5159 Malicious code in po-ops-local-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d0f2e829316d0c6a04bc41fb4d187569c00c3273384b1666d3068a0e696291 [email protected] has no functional code of its own index.js contains only module.exports = ; and there are no lifecycle scripts. Its sole effe...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/02 7:7 a.m.20 views

Malicious code in @att-ebiz/abs-components-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8d1b46db555fda7536bcf080f9dfd0ceed5c731f7a96b2579121598dad6721 Package @att-ebiz/[email protected] is an empty placeholder published to public npm under a scope @att-ebiz that matches AT&T's internal...

6.2AI score
Exploits0References2
Rows per page
Query Builder