Lucene search
K

177 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.23 views

Malicious code in @cloudplatform-single-spa/ml-finetuning (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.12 views

Malicious code in @mlspace/file-manager (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/28 12:0 a.m.11 views

MAL-2026-5025 Malicious code in @mlspace/profile (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.23 views

Malicious code in @debit-ib/mobile-debit-ib-additional-card-form (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.31 views

Malicious code in @cloudplatform-single-spa/dataplatform-metastore (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.17 views

Malicious code in @cloudplatform-single-spa/ml-inference-model-run (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.28 views

Malicious code in @cloudplatform-single-spa/enterprise (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.27 views

Malicious code in @cloudplatform-single-spa/svp-vm-migration (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.20 views

Malicious code in @cloudplatform-single-spa/datagrid (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.22 views

Malicious code in @cloudplatform-single-spa/postgre (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.16 views

Malicious code in @car-loans/feature-toggles-module (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.21 views

Malicious code in @cloudplatform-single-spa/iam (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/28 12:0 a.m.22 views

MAL-2026-4953 Malicious code in @cloudplatform-single-spa/notification-gateway (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.22 views

Malicious code in @cloudplatform-single-spa/vmmanager (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.19 views

Malicious code in @cloudplatform-single-spa/pangolin (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:8 p.m.14 views

Malicious code in @service-suppliers/set_selected_supplier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eba319282947a6dfb83a31cec6127e62594cc16160bd9c74cee3feee349c4b07 The postinstall hook in scripts/postinstall.js performs two independently-blocking actions on every npm install. First, it scrapes installer-side...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/23 3:53 p.m.8 views

MAL-2026-4695 Malicious code in turbo-axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62503451ade68043379968f3dc4784fdb66424d55422854514e3ba1b10058324 turbo-axios is a typosquat of the popular axios HTTP client it re-exports the full axios API and reuses axios's repository/homepage metadata in...

6.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 10:21 a.m.18 views

Malicious code in logger-draft (npm)

Part of a multi-package malicious campaign by npm author toskypi, logger-draft is a companion package to eo-terminal in the same infostealer and remote access trojan RAT campaign. Both packages share the same actor, C2 infrastructure, and attack pattern, and are distributed together under a...

6AI score
Exploits0References4
OSV
OSV
added 2026/05/21 7:57 p.m.9 views

MAL-2026-4565 Malicious code in fnd-stores (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62c9035e303ec731c71c689ed77eed17b245cd4adc475cb616ff94991539aa56 On npm install, the package's postinstall hook runs node index.js, which collects the installer's hostname, OS platform, current working directory, C...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/21 1:6 a.m.14 views

MAL-2026-4510 Malicious code in cerebrum-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0ac38481a69f23f9170b098fcd48cd72b82edb969bdd44eb3aa5cc377a13a0d On npm install, the package's postinstall hook runs setup.js, which decodes an embedded base64 string into a tar.gz file at ../../../tempbundle.tar.g...

5.9AI score
Exploits0References1
Rows per page
Query Builder