Lucene search
K

1399 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/25 12:35 a.m.9 views

Malicious code in tailwind-animationbasis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 613bfa904c0195c7d59209123554b2be83ed4a0568c174e8b221e22725fec103 The package tailwind-animationbasis was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/24 12:48 p.m.10 views

MAL-2026-2126 Malicious code in agoda-dep-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa0bc71a76133f8ba2469aab72a42ed605c22eaf6a3816754f5dff2cb21fa87 The package agoda-dep-confusion was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/24 9:49 a.m.7 views

MAL-2026-2125 Malicious code in customerdigital-ui-components-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a8c957edf16da956a7859c7a0e1d8accbe84824b88f1f19f70a01acd07b729 The package customerdigital-ui-components-lib was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/03/23 9:47 p.m.63 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS0.60368EPSS
Exploits2References10
CVE
CVE
added 2026/03/23 9:47 p.m.60 views

CVE-2026-33634

CVE-2026-33634 is tied to a supply-chain compromise involving Aqua Security Trivy. Concrete details show: (1) affected items include Trivy binary/image v0.69.4, and GitHub Actions components aquasecurity/trivy-action (versions 0.0.1–0.34.2, 76/77 forced-pushed) and aquasecurity/setup-trivy (0.2.0...

9.4CVSS5.9AI score0.60368EPSS
In wildExploits2References14Affected Software3
OSV
OSV
added 2026/03/23 1:47 p.m.4 views

MAL-2026-2086 Malicious code in falcor-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9785eb8c1ddee20b09854389d561efd036035d846771b120bb4d7c412816f19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/23 1:47 p.m.3 views

MAL-2026-2098 Malicious code in sd-basket-highlight (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1eb99aa8736f7070c6e86b764bff3d6a3297cb10df44fa32ee65d1d7c3a74754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/22 6:23 p.m.4 views

MAL-2026-2043 Malicious code in @emilgroup/commission-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85f1482a778fd65de3055f40733fdf55e9e0e2c3495dda2c72ff686d0841b91c The package @emilgroup/commission-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 6:22 p.m.8 views

Malicious code in @emilgroup/changelog-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eeeaacce965f54999e4e8fc1a9db77251e1c3956c24672ffe63e1285c46e737d The package @emilgroup/changelog-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 6:20 p.m.8 views

Malicious code in @leafnoise/mirage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 157e0e66e325f6fc597250166e5f27d4fef94ef77d3d758ab52e0df7eca85114 The package @leafnoise/mirage was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/22 6:19 p.m.4 views

MAL-2026-2037 Malicious code in @emilgroup/auth-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccb489120e1ad55e75b6bacdf15a54015c9de9959ea853cd391dc4dd66948001 The package @emilgroup/auth-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 6:12 p.m.9 views

Malicious code in @emilgroup/notification-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 064481cc260cfd8e135bc037198dd7baf6c95d4e7f41997cfad506e2627f0f8a The package @emilgroup/notification-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/22 6:10 p.m.4 views

MAL-2026-2057 Malicious code in @emilgroup/payment-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83fcb6922c65850eff14baf7a463c2b14b358ffebdc5a15c312ec7328a142407 The package @emilgroup/payment-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 6:3 p.m.8 views

Malicious code in @emilgroup/claim-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86e7c53acc9840bac58a8ff7aca0a0d40a03ab2a8ac73dd55d0314373528800 The package @emilgroup/claim-sdk was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/20 4:43 a.m.5 views

MAL-2026-1947 Malicious code in el-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3c49d25d54c1bd3e1e5ba1ab4996329e8244ba30c1639f977985930fafd91f The package el-icon was found to contain malicious code. Source: ghsa-malware a5783aeff6b8639c7ecb526c39e297c96949bead58c8e1aabf1be7417d75e696 Any...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/20 4:30 a.m.3 views

MAL-2026-1941 Malicious code in client-hash-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b5e4f22c87c51a8d6ffccab6fd55f99bd1e00c5aa5f0921fbdf58e21ba46e5b The package client-hash-sdk was found to contain malicious code. Source: ghsa-malware cedf8ca9f5375c7911d3d208049fbee8bbbb39a57f4cf741dbfb69e79b21d51...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.8 views

Malicious code in transform-typescript (npm)

The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.8 views

Malicious code in import-newlines (npm)

The package 'import-newlines' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/03/16 12:0 a.m.6 views

MAL-2026-1555 Malicious code in typescript-vue-apollo-smart-ops (npm)

The package 'typescript-vue-apollo-smart-ops' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/13 6:47 a.m.5 views

Malicious code in dell-fusion-core-drzak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d5d156081b9f33279287f433edff50b49a63fa67e0da031c374075fde1cc24f The package dell-fusion-core-drzak was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Rows per page
Query Builder