CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/25 3:12 p.m.•14 views

MAL-2026-4707 Malicious code in vue-compiler-sfc-plugin (npm)

6.1AI score

OSSF Malicious Packages•added 2026/05/25 1:45 p.m.•11 views

Malicious code in claude-channel-imessage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUBREPOSITORY, and NODEENV...

OSV•added 2026/05/25 12:3 p.m.•9 views

MAL-2026-4350 Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

OSSF Malicious Packages•added 2026/05/25 12:2 p.m.•12 views

Exploits0References3

Malicious code in clob.api (npm)

OSSF Malicious Packages•added 2026/05/25 12:0 p.m.•10 views

Malicious code in @devcarron/clob (npm)

OSSF Malicious Packages•added 2026/05/24 3:52 p.m.•11 views

Malicious code in power-platform-playwright-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73 On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...

OSV•added 2026/05/24 3:52 p.m.•7 views

MAL-2026-4644 Malicious code in power-platform-playwright-toolkit (npm)

OSV•added 2026/05/24 3:22 p.m.•8 views

MAL-2026-4504 Malicious code in cami-design (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57ccc787b2437085a18ed05c52fc473d8c28162cbe3cbbaa04adaefa73389da1 On install, scripts/install.js invokes autoUpdate.install, which writes a launchd agent to...

6.4AI score

OSSF Malicious Packages•added 2026/05/24 8:52 a.m.•11 views

Malicious code in twokey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...

5.9AI score

Exploits0References5

OSV•added 2026/05/24 8:52 a.m.•8 views

MAL-2026-4697 Malicious code in twokey (npm)

5.9AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/24 2:10 a.m.•10 views

Malicious code in freertc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb3d1337fc97d6eaccde325dc5f539a28af051f548c31f1b97a8752b8f51878 On install, scripts/postinstall-message.mjs reads the consumer project's package.json via process.env.INITCWD, and if freertc appears in...

OSV•added 2026/05/24 2:10 a.m.•7 views

Exploits0References8

MAL-2026-4567 Malicious code in freertc (npm)

OSSF Malicious Packages•added 2026/05/23 11:3 p.m.•12 views

Exploits0References8

Malicious code in openprompt-lang (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24ccd29557423c05fb49b14b0a9a2e1cfbe5a2b69a1276bc76d287edc46f4ec2 On every npm install, openprompt-lang's postinstall hook scripts/postinstall.js:83 executes npm install -g @opencode/cli 2/dev/null || curl -fsSL...

5.3AI score

Exploits0References11

The Hacker News•added 2026/05/23 4:7 p.m.•19 views

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json,"...

6.6AI score

Exploits0

OSV•added 2026/05/23 3:53 p.m.•6 views

MAL-2026-4695 Malicious code in turbo-axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62503451ade68043379968f3dc4784fdb66424d55422854514e3ba1b10058324 turbo-axios is a typosquat of the popular axios HTTP client it re-exports the full axios API and reuses axios's repository/homepage metadata in...

6.6AI score

OSSF Malicious Packages•added 2026/05/23 2:17 a.m.•12 views

Malicious code in dds-js-idl-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68e8941c301603919022f1d67d311d576d5d5efcac7ed7cb0d3526cb71e829d6 On npm install, the package's postinstall.js runs whoami and reads os.hostname, os.platform, the current working directory, and CI-related environmen...

OSV•added 2026/05/22 4:40 p.m.•7 views

MAL-2026-4692 Malicious code in thevoid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ce4d125de5d699da897d074134f8d1f0a971aa23d9c3d6ff3330015fccad091 On install, postinstall.js performs an HTTPS request to void-relay.com carrying process.env contents along with host identifiers process.platform,...

OSV•added 2026/05/22 2:23 p.m.•10 views

MAL-2026-4345 Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

6AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/22 1:45 p.m.•9 views

Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

5.9AI score