Lucene search
K

1340 matches found

Snyk
Snyk
added 2025/08/27 1:12 a.m.4 views

Embeded Malicious Code

Overview @nx/workspace is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...

9.8CVSS7.1AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/27 1:12 a.m.3 views

Embeded Malicious Code

Overview @nx/js is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...

9.8CVSS7.1AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/27 1:12 a.m.2 views

Embeded Malicious Code

Overview @nx/key is a part of the Nx Powerpack extensions for Nx. This plugin provides the ability to activate and read licenses for Nx Powerpack Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...

9.8CVSS7.1AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/27 1:12 a.m.3 views

Embeded Malicious Code

Overview @nx/node is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...

9.8CVSS7.1AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/27 1:12 a.m.4 views

Embeded Malicious Code

Overview @nx/eslint is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...

9.8CVSS7.1AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/27 1:12 a.m.2 views

Embeded Malicious Code

Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named telemetry.js. A...

9.8CVSS7.3AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/27 1:12 a.m.3 views

Embeded Malicious Code

Overview @nx/enterprise-cloud is a part of the Nx Powerpack extensions for Nx. This plugin is specific to Nx Enterprise Cloud workspaces. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named telemetry.js. A...

9.8CVSS7.1AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/27 1:12 a.m.2 views

Embeded Malicious Code

Overview @nx/devkit is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. This package contains a set of utilities for creating Nx plugins. Affected versions of this package are vulnerable to Embeded Malicious Code throug...

9.8CVSS7.1AI score0.00527EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in used-first-in-postinstall-script-dotslashed (npm)

The package used-first-in-postinstall-script-dotslashed was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-37964 Malicious code in used-first-in-postinstall-script-dotslashed (npm)

The package used-first-in-postinstall-script-dotslashed was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/12 5:9 p.m.2 views

MAL-2025-6829 Malicious code in tensorflowjs (npm)

Package is malicious due to code obfuscation, arbitrary command execution via childprocess.spawn, and suspicious postinstall script. --- -= Per source details. Do not edit below this line.=-...

7.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/12 5:9 p.m.3 views

Malicious code in tensorflowjs (npm)

Package is malicious due to code obfuscation, arbitrary command execution via childprocess.spawn, and suspicious postinstall script. --- -= Per source details. Do not edit below this line.=-...

7.6AI score
Exploits0References4
The Hacker News
The Hacker News
added 2025/08/01 12:20 p.m.9 views

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown

Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence AI and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performan...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/28 8:15 p.m.4 views

Malicious code in udn_extras (npm)

The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...

6.6AI score
Exploits0References2
OSV
OSV
added 2025/07/28 8:15 p.m.2 views

MAL-2025-6387 Malicious code in udn_extras (npm)

The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/21 6:24 a.m.5 views

Malicious code in napi-postinstall (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/07/20 9:0 p.m.4 views

Embedded Malicious Package

Overview @toptal/picasso-utils is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

9.8CVSS7.4AI score
Exploits0References2
Snyk
Snyk
added 2025/07/20 9:0 p.m.3 views

Embedded Malicious Package

Overview @toptal/picasso-provider is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

9.8CVSS7.4AI score
Exploits0References2
Snyk
Snyk
added 2025/07/20 9:0 p.m.1 views

Embedded Malicious Package

Overview @toptal/picasso-typography is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

9.8CVSS7.4AI score
Exploits0References2
Snyk
Snyk
added 2025/07/20 9:0 p.m.4 views

Embedded Malicious Package

Overview @toptal/picasso-quote is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...

9.8CVSS7.4AI score
Exploits0References2
Rows per page
Query Builder