CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/11 1:42 a.m.•9 views

Malicious code in pocteszep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e13c609971d69e4699c85f451f163c7ab60ebb775171211fbd20d880b0ef2a2d The package's npm preinstall lifecycle script runs wget --quiet...

5.6AI score

Exploits0References7

OSV•added 2026/06/11 1:42 a.m.•11 views

MAL-2026-5544 Malicious code in pocteszep (npm)

5.6AI score

Exploits0References7

OSSF Malicious Packages•added 2026/06/10 6:22 p.m.•12 views

Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

OSV•added 2026/06/10 6:22 p.m.•6 views

Exploits0References5

MAL-2026-5523 Malicious code in @orion-design-system/foundation (npm)

OSSF Malicious Packages•added 2026/06/10 6:21 p.m.•9 views

Exploits0References5

Malicious code in @orion-design-system/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4218505b74ba258cea12df713bbc27db9fa58d6660cf83e6d0c5fd8a9f68a4c2 package.json declares a preinstall script that runs on every npm install. The script uses node -e to require os and https, reads os.hostname and...

5.4AI score

OSSF Malicious Packages•added 2026/06/09 5:41 p.m.•7 views

Malicious code in @nstrlabs/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36d8d7c327560bb7a4c08d906db240a2dc146e20f828d9dfc5ab79497b155355 On npm install, the package's preinstall script node index.js || true executes automatically and collects host identifiers from the installer's machi...

OSV•added 2026/06/09 5:41 p.m.•18 views

MAL-2026-5423 Malicious code in @nstrlabs/utils (npm)

OSV•added 2026/06/09 5:36 p.m.•11 views

MAL-2026-5427 Malicious code in @payment-review/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d624eaefbb0245bf0c9a7b598c461a3ba5ec48005cfec223898062741ef8c2e package.json declares preinstall: node index.js || true, so installing the package automatically runs index.js on npm install. The script collects ho...

OSSF Malicious Packages•added 2026/06/09 5:36 p.m.•7 views

Malicious code in @payment-review/store (npm)

OSSF Malicious Packages•added 2026/06/09 5:34 p.m.•5 views

Malicious code in morningstar-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18591ac1a5cb5ca3d11e07bde38f230dccc530bb4614d45f9be1f547677a2c9e On npm install, the package's preinstall lifecycle script runs wget against a hardcoded bare-IP HTTP endpoint, passing the output of id, pwd, hostnam...

5.6AI score

OSV•added 2026/06/09 2:17 p.m.•6 views

MAL-2026-5382 Malicious code in @doaction/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4092c28082abff16427aa0e246a327796294411786dae585fb4ab3114ad6504f @doaction/[email protected] is a dependency-confusion lure targeting an internal @doaction scope. The package.json declares "version": "99.99.99" and pi...

Snyk•added 2026/05/31 9:0 p.m.•8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score

Snyk•added 2026/05/31 9:0 p.m.•4 views

Embedded Malicious Code

9.8CVSS5.8AI score

Snyk•added 2026/05/31 9:0 p.m.•5 views

Embedded Malicious Code

9.8CVSS5.8AI score