Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSV
OSVadded 3 days ago4 views

MAL-2026-5479 Malicious code in mcp-server-github (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 747734631bd95c9a23ba57ea3610af951c612b8841e9c2e2ab99c3c70f244886 Unscoped package mcp-server-github impersonates the official @modelcontextprotocol/server-github MCP server. package.json declares a postinstall hook...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 3 days ago6 views

Malicious code in getd-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 3 days ago5 views

Malicious code in gethandler-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6925d4c07df297f8cb573df4d85a396794d8793179e7a97f2cfde3aadfcfbc On npm install, postinstall.js unconditionally sends an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying the installer...

5.5AI score
Exploits0References1
OSV
OSVadded 2026/05/21 5:44 a.m.11 views

MAL-2026-4489 Malicious code in auth0-templates-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc0f40b778be080e2a14dd0097ab772565cc570f5fd471f10e883f259be2db6 Package name 'auth0-templates-scripts' impersonates the Auth0 Okta brand without affiliation. The author field is the placeholder 'OpenSource...

5.7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/21 1:33 a.m.10 views

Malicious code in @zentrix23/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00e60d3c1f2afd09e236dc4a5ae0cf2373029e6c62c4f7a9c571b13c2da01cd7 This package is a fork of @whiskeysockets/baileys with an undocumented modification: inside makeNewsletterSocket called unconditionally by...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/20 9:42 a.m.12 views

MAL-2026-4624 Malicious code in nw-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3ff057a42800ad78024ac1c48e0d6fbf9c828eb828a41e6737c32b6174ce8c Package is published publicly on npm at version 100.20.33 — a version-number shape used in dependency-confusion attacks to outrank private internal...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 7:7 p.m.8 views

Malicious code in @dknzo/soonex-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 637d9821dd6061c21dfa483bdefec73cd6ddeb8ba6e1d9bd9653784de514e9b5 The package advertises itself as 'Internal core lifecycle utilities for Baileys socket connection' but its sole exported function...

5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/19 7:7 p.m.5 views

MAL-2026-4383 Malicious code in @dknzo/soonex-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 637d9821dd6061c21dfa483bdefec73cd6ddeb8ba6e1d9bd9653784de514e9b5 The package advertises itself as 'Internal core lifecycle utilities for Baileys socket connection' but its sole exported function...

5.8AI score
Exploits0References2
Rows per page
Query Builder