Lucene search
+L

31 matches found

OSV
OSV
added 2026/05/25 6:11 p.m.16 views

MAL-2026-4438 Malicious code in @service-suppliers/suppliers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a79ca8ef6257be2fbac9c361b969d9e63ce6a833e42dafa4b558e1f805276502 On npm install, scripts/postinstall.js performs two attacker-benefit actions against the installer. First, it scrapes installer-side credentials: it...

5.8AI score
Exploits0References2
EUVD
EUVD
added 2025/11/12 10:25 p.m.3 views

EUVD-2025-136045

Malicious code in itale-dci-rfsrgget npm...

6.6AI score
Exploits0
Snyk
Snyk
added 2023/06/06 8:20 a.m.2 views

Malicious Package

Overview @egds/lodging is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/04/04 8:19 a.m.4 views

Malicious Package

Overview @miro-site/localization is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/04/04 8:19 a.m.2 views

Malicious Package

Overview gina is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installe...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/01 8:20 a.m.3 views

Malicious Package

Overview scuid-x is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/01 8:18 a.m.3 views

Malicious Package

Overview sapling-output-plugin is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/01 8:18 a.m.5 views

Malicious Package

Overview gateleen-hook-js is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/02/21 8:16 a.m.4 views

Malicious Package

Overview tools-access-react-redux-router is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/02/21 8:16 a.m.4 views

Malicious Package

Overview tslint-ymaps-rules is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.1 views

Malicious Package

Overview @absis-components/ui-core-elements is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerabl...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.2 views

Malicious Package

Overview @nelio-content/data is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.4 views

Malicious Package

Overview @playgami/eslint-config-portal-typescript is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.1 views

Malicious Package

Overview @att-bit/duc.components.cardshell is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.6 views

Malicious Package

Overview qb2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installed...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2022/10/11 8:18 a.m.3 views

Malicious Package

Overview @unity-hub-components/tooltip is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2022/09/13 8:13 a.m.2 views

Malicious Package

Overview @newfold-labs/wp-module-ecommerce is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2022/09/08 11:24 a.m.2 views

Malicious Package

Overview epic-ue-marketo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2022/08/19 8:11 a.m.1 views

Malicious Package

Overview @ramanmg03/web-pkg is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2022/08/19 8:11 a.m.3 views

Malicious Package

Overview dobix is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was install...

9.8CVSS7.1AI score
Exploits0References3
Rows per page
Query Builder