Lucene search
+L

3553 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:59 p.m.7 views

Malicious code in twcompose-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...

6AI score
Exploits0References3
OSV
OSV
added 2026/07/06 6:59 p.m.8 views

MAL-2026-6899 Malicious code in twcompose-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:59 p.m.7 views

Malicious code in ts-bigtn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:59 p.m.6 views

MAL-2026-6895 Malicious code in ts-bigtn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:58 p.m.5 views

MAL-2026-6894 Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:57 p.m.5 views

MAL-2026-6868 Malicious code in pretty-pino-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f1b4c6d11dae72d82f4c6d856e9445f27cee3a1ed475f2043b5d7369aad48be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:56 p.m.10 views

Malicious code in polymarket-onchain-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73556a574d8ee416a5440f889b73cafff3b464650d6b2b2caf4001ce15086f6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:55 p.m.5 views

MAL-2026-6857 Malicious code in npm-doc-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd9478699eb0ff355280d938bef68818018c0c5cb579b3c144f6c0e134dfad1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.9 views

Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/07/06 6:53 p.m.3 views

MAL-2026-6841 Malicious code in jsonupper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1b0da679706ef488ebbf32e7449d3b4d79fae3bf468f5f167de3f657f75eb2a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:52 p.m.8 views

Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/03 4:6 p.m.6 views

MAL-2026-6743 Malicious code in api-node-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ac5b00d553b256f998ea13be45b7f41a939f85e3c272bf24fd91ad6747c6266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/03 3:37 p.m.8 views

MAL-2026-6738 Malicious code in @jacobtan/decode-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/02 5:17 p.m.8 views

UBUNTU-CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS6AI score0.00243EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 4:53 p.m.14 views

MAL-2026-6615 Malicious code in @digitalpharmacist/http-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3874246d23d6027bd09962515c8e79a0246740ff5fc6f853270c0a40271d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @orbis-lr-sdk/orbis-lr-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 447ee314f32023031250cefe4570378f31d8055a02384eccecb5c288ae6e2405 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.11 views

Malicious code in @ms-ows/logging (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7ffaf65611a7bb55512d442ab6d19f3b1c702db0224b994e0b80df4f30e1dff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:53 p.m.9 views

MAL-2026-6633 Malicious code in @ms-ows/logging (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7ffaf65611a7bb55512d442ab6d19f3b1c702db0224b994e0b80df4f30e1dff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:50 p.m.8 views

MAL-2026-6640 Malicious code in @rakuten-rewards/messaging-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5881076c822a732d6344ff3614bf7437722ca46d9d5f5dbdf3105586fa078dd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.11 views

Malicious code in @experian-shared/services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b9781b2089d3aeafbedfe7c81af43904472553991bd7e50695ab301d4529eaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Rows per page
Query Builder