Lucene search
+L

105 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago9 views

Malicious code in syft-acp-atoms (npm)

The syft-acp-atoms package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the 'syft-acp' internal/private package naming convention an ACP component library of a target...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago10 views

Malicious code in syft-acp-uikit (npm)

The syft-acp-uikit package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the 'syft-acp' internal/private package naming convention an ACP component library of a target...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago10 views

Malicious code in syft-acp-core (npm)

The syft-acp-core package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the 'syft-acp' internal/private package naming convention an ACP component library of a target...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago12 views

Malicious code in @edgecommons/streamlog-node (npm)

The @edgecommons/streamlog-node package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name uses an '@edgecommons' scope that mimics the internal/private package naming convention of a...

5.5AI score
Exploits0References2
OSV
OSV
added 3 days ago5 views

MAL-2026-10765 Malicious code in syft-acp-core (npm)

The syft-acp-core package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the 'syft-acp' internal/private package naming convention an ACP component library of a target...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References3
OSV
OSV
added 6 days ago3 views

MAL-2026-10228 Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.4 views

Malicious code in tme-xca (npm)

The tme-xca package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' Travel Mall /...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.5 views

Malicious code in @flex-ng/error-component (npm)

The @flex-ng/error-component package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.5 views

Malicious code in @idms-corp/auth-ui (npm)

The @idms-corp/auth-ui package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @idms-cor...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.7 views

Malicious code in @flex-ng/header-component (npm)

The @flex-ng/header-component package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.3 views

Malicious code in tme-xca-react (npm)

The tme-xca-react package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.5 views

Malicious code in enbd-react-logger (npm)

The enbd-react-logger package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization an 'enbd'...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.4 views

MAL-2026-10222 Malicious code in @flex-ng/filter-pipe (npm)

The @flex-ng/filter-pipe package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @flex-n...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.3 views

Malicious code in @flex-ng/filter-pipe (npm)

The @flex-ng/filter-pipe package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @flex-n...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.4 views

MAL-2026-10221 Malicious code in @flex-ng/error-component (npm)

The @flex-ng/error-component package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

MAL-2026-10229 Malicious code in enbd-react-error-boundry (npm)

The enbd-react-error-boundry package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization an 'enb...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 7:9 p.m.14 views

Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:43 p.m.14 views

Malicious code in exodus-secure-container (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92bc77b12251baa18392bd90e84d6bdc57aaef9a8c774f8cb29a0066e80f76b5 On npm install, the package runs node src/canary.js as a postinstall hook. That script performs a DNS lookup and HTTPS GET to the hardcoded host...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.17 views

Malicious code in @oplus/obus-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed41b3738a8034ebb2e92744dd0891812f6c6fdb278e78c377045a86f2b5a34d On npm install, scripts/postinstall.js collects the installer's username os.userInfo, hostname os.hostname, current working directory process.cwd, an...

5.5AI score
Exploits0References1
Rows per page
Query Builder