Lucene search
K

196 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:53 p.m.6 views

Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/23 9:53 p.m.6 views

MAL-2026-6357 Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/23 3:25 p.m.6 views

MAL-2026-6299 Malicious code in analysis-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1ab4349bcc1e8f4434817d242b136f6e6050d4acb234aa833d81ffd74942066 The package's postinstall hook install-hook.js, invoked via package.json scripts.postinstall fetches an opaque binary 'payload.bin' from...

6AI score
Exploits0References22
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.11 views

Malicious code in @glitchpad/throttler (npm)

@glitchpad/throttler malicious version 2.2.3, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/06/19 3:13 p.m.11 views

MAL-2026-6213 Malicious code in @bytemend/mfebus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d53776853d18aabf967b0f1882eb45f2164feedd600eeccc927f496002f5e4 The package advertises itself as a small in-memory pubsub library but its main entry dist/index.js eagerly requires dist/bootstrap.js, a 277KB...

6AI score
Exploits0References6
OSV
OSV
added 2026/06/12 8:34 p.m.10 views

MAL-2026-5710 Malicious code in chalk-plus-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...

5.4AI score
Exploits0References1
Snyk
Snyk
added 2026/06/06 9:0 p.m.7 views

Embedded Malicious Code

Overview ppkt2synergy is a Python library for analyzing correlations and synergy in GA4GH Phenopacket cohorts. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, ...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/01 7:40 a.m.10 views

MAL-2026-5161 Malicious code in nrwl.angular-console (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/01 7:0 a.m.6 views

MAL-2026-5164 Malicious code in @emcd-vue/b2b-pay-form (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to distribute multiple malicious packages posing as internal tooling under the "EMCD Platform...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:0 a.m.15 views

Malicious code in @emcd-vue/b2b-pay-form (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to distribute multiple malicious packages posing as internal tooling under the "EMCD Platform...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.9 views

MAL-2026-5044 Malicious code in @t-in-one/restore_application_hid_from_storage (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.10 views

MAL-2026-5036 Malicious code in @t-in-one/add_application_tid (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 12:0 a.m.16 views

Malicious code in @t-in-one/restore_application_hid_from_storage (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 12:0 a.m.10 views

Malicious code in @t-in-one/add_application_tid (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.8 views

MAL-2026-5043 Malicious code in @t-in-one/prefill_transformers_data_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.28 views

MAL-2026-5032 Malicious code in @sber-ecom-core/sberpay-widget (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 12:0 a.m.14 views

Malicious code in @t-in-one/safe_local_storage_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.9 views

MAL-2026-5046 Malicious code in @t-in-one/send_add_application (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/29 12:0 a.m.9 views

MAL-2026-5039 Malicious code in @t-in-one/get_application_hid (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

5.8AI score
Exploits0References2
Rows per page
Query Builder