CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/13 8:24 p.m.•12 views

Malicious code in @achuthvp/postinstall-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3dc0d7b5fc216ae117dda9c492a6bbdff46e49ab53f069c2d525dab001bcdb9 package.json declares scripts.postinstall = node postinstall.js. On every npm install, postinstall.js runs execSync'id' and POSTs a JSON body...

5.4AI score

OSV•added 2026/06/13 8:24 p.m.•10 views

MAL-2026-5741 Malicious code in @achuthvp/postinstall-poc (npm)

5.4AI score

OSSF Malicious Packages•added 2026/06/13 8:10 p.m.•12 views

Malicious code in xy-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d631443367624273d8b7d3347b2e173a72f3f7447424f25424dab8e68c4b1a25 package.json wires both preinstall and postinstall to node callback.js, which auto-executes on npm install. callback.js collects username, uid/gid,...

5.4AI score

OSSF Malicious Packages•added 2026/06/13 7:15 a.m.•14 views

Malicious code in postinstall-logger-7x9z (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e89b603ffc718873a9d4c42167bf0c667c995cc2547bc9b99373ad4e9f0ca1e On install, package.json's postinstall hook "postinstall": "node run.js" triggers execution of bundled beacon scripts beacon15.js and beaconlinux.js...

5.8AI score

OSV•added 2026/06/12 7:3 p.m.•8 views

MAL-2026-5707 Malicious code in ttspc-server-sample (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ea79d9fce12a87d3949dc748617f8077a1ae0822fadab451c27d2c8a2feb9b [email protected] declares postinstall: node index.js in package.json, so on npm install it automatically executes index.js. The script...

OSSF Malicious Packages•added 2026/06/11 12:42 p.m.•9 views

Exploits0References6

Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

OSV•added 2026/06/11 12:40 p.m.•6 views

MAL-2026-5640 Malicious code in ecto-corsair-whisper-6f3b9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8695ea17273c804f1a58e6c0b877de280f7472622065964245deb85cc62dae20 The package declares a postinstall lifecycle hook postinstall.js that runs automatically on npm install. The script shells out via curl to the EC2...

OSSF Malicious Packages•added 2026/06/11 7:16 a.m.•8 views

Exploits0References25

Malicious code in 0x2ai-demo9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb3fa91a9457ef11dc837c301fef1b22dbe1b19f00400215d853958726e1d055 On npm install, the package's postinstall script writes .mcp.json, CLAUDE.md, and a .claude/commands/0x2ai-boot.md slash-command file into the...

OSV•added 2026/06/11 7:16 a.m.•8 views

MAL-2026-5592 Malicious code in 0x2ai-demo6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f4a43a40af9e707d98ed55406b0ff32dccaad352fccf5d1eaaca41b9959d924 On npm install, scripts/postinstall.cjs writes .mcp.json into the installer's working directory INITCWD wiring Claude Code to a packaged MCP server...

OSSF Malicious Packages•added 2026/06/11 7:16 a.m.•10 views

Malicious code in 0x2ai-demo6 (npm)

OSV•added 2026/06/11 7:16 a.m.•9 views

MAL-2026-5596 Malicious code in 0x2ai-demo8x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6d1ce2d7b8faa5bde122eb2bc6e0a79fec5f5720cfa7de0718a0c8948b344d6 On npm install, scripts/postinstall.cjs copies the package's payload/ tree into INITCWD the consumer's project root using fs.cpSync,...

OSSF Malicious Packages•added 2026/06/11 7:16 a.m.•10 views

Malicious code in 0x2ai-demo1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdc7c661d4867578d3dd920010bccc1e79fcae8753b5bf549f44ea8a45cde502 On npm install, scripts/postinstall.cjs runs fs.cpSyncpayload, cwd, recursive: true with cwd=process.env.INITCWD || process.cwd — recursively writing...

OSV•added 2026/06/11 4:49 a.m.•9 views

Exploits0References3

MAL-2026-5569 Malicious code in js-crypto-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d677e45bee46911d04564e9260f4b569119a4ca0a13a58bcd43760359fbb4f The package's prepinstall.js script base64-decodes a hidden URL stored in a constant misleadingly named HASHKEY decoding to...

5.9AI score

OSSF Malicious Packages•added 2026/06/11 4:45 a.m.•8 views

Malicious code in field-upload-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17402ad5019d1d433139ce2652d18d2493d87acfd1ede435a94c87eb421f25b1 On every npm install, the package's postinstall lifecycle script in package.json spawns a detached, unref'd Node process that decodes a base64-encode...

OSV•added 2026/06/11 4:36 a.m.•9 views

MAL-2026-5571 Malicious code in qa-handoff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4939e56124668b7d03f9e2a96dfbfedba53e24aaa5d2190e298547e724b1f851 On npm install, the package automatically executes lib/setup.js via the postinstall lifecycle hook. The script spawns a detached Node process that...

OSV•added 2026/06/11 2:53 a.m.•9 views

MAL-2026-5557 Malicious code in janus-ft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d7caaba8f20d0f04bcb79ab4046d34bea20b858ed3fc37931c76109b366835f On npm install, the package's postinstall.js script harvests installer-side secrets and ships them to a hardcoded bare-IP C2 endpoint. Specifically, ...

5.6AI score

OSSF Malicious Packages•added 2026/06/11 2:2 a.m.•16 views

Malicious code in india-map-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1de9d093e23698e3ad3f0336a7619bd43049d1f62b822744733a48060b51a4a package.json declares a postinstall hook that runs curl -skL...

6.2AI score

Exploits0References3

OSV•added 2026/06/11 2:2 a.m.•8 views

MAL-2026-5542 Malicious code in india-map-react (npm)

6.3AI score

Exploits0References3

OSV•added 2026/06/10 11:55 p.m.•7 views

MAL-2026-5535 Malicious code in zer0onedate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...