Lucene search
K

44 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 8:31 a.m.10 views

Malicious code in @semacode/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 8:31 a.m.15 views

MAL-2026-4434 Malicious code in @semacode/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28a3662b8e26593b7bfec35d4d4f02595144885ee738891c4c9e6a89f9e50fbb The bundled CLI dist/index.js contains a hardcoded outbound POST to https://sema.otimitare.online combined with reads of process.env and...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 9:3 a.m.7 views

Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/24 9:3 a.m.10 views

MAL-2026-2413 Malicious code in cclr-component-resources (npm)

Multiple evidences suggest this package is a malware: code obfuscation, dynamic code execution, suspicious domain, and unusual install script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61af3265fce06cfbb9bbf20e38d468e136487f69c41f70b0bbb1b331535bdf82 The...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/17 6:15 a.m.3 views

MAL-2026-1494 Malicious code in navi-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68 The package navi-design-system was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/10 8:31 a.m.7 views

Malicious code in @web-monorepo/fetchers (npm)

Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3faaa666cb666785670b3a638b1f832d4492f7eb2c999f41f7bb551cde2aa86 The package...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/10 8:31 a.m.3 views

MAL-2026-1318 Malicious code in @web-monorepo/fetchers (npm)

Package is malware. It exfiltrates data to a suspicious domain via callback.js, triggered by a preinstall script in package.json. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3faaa666cb666785670b3a638b1f832d4492f7eb2c999f41f7bb551cde2aa86 The package...

5.8AI score
Exploits0References1
OSV
OSV
added 2025/09/26 5:28 p.m.2 views

MAL-2025-47845 Malicious code in chia.dock1 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 26caa58ce2e667f101c3a56e08b3d2215d71ce03b48bf8ec8c162b5725b171d8 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/23 3:4 p.m.5 views

Malicious code in website-memory (npm)

The package communicates with a domain associated with malicious activity...

7AI score
Exploits0
OSV
OSV
added 2025/08/17 5:24 p.m.4 views

MAL-2025-6895 Malicious code in commonweb-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c019e3086bf1cec9b859c8fe048187fc7cf6dc866de93fbd0ff2182b3e4fc0a The OpenSSF Package Analysis project identified 'commonweb-setup' @ 10.11.0 npm as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
OSV
OSV
added 2025/07/30 5:43 p.m.3 views

MAL-2025-6696 Malicious code in astro-benchmark (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/07/26 11:16 a.m.3 views

MAL-2025-6254 Malicious code in redux-init-rce (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 001436a444d94a1473a5f914d6f2ff7e18e622f232ca7b48be8c0126a70eb962 The OpenSSF Package Analysis project identified 'redux-init-rce' @...

7.3AI score
Exploits0
OSV
OSV
added 2025/07/26 11:15 a.m.4 views

MAL-2025-6253 Malicious code in dva-update-rce (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b95ece97aa3f5d58ea4fb2cedc0508d316d19bf5241465748806202bcd86c861 The OpenSSF Package Analysis project identified 'dva-update-rce' @...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/25 7:51 p.m.5 views

Malicious code in tool-commitizen-adapter-xp (npm)

The package communicates with a domain associated with malicious activity...

7AI score
Exploits0
OSV
OSV
added 2025/07/22 4:26 p.m.5 views

MAL-2025-6078 Malicious code in chime-core-utils (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb533ce212898abdb893a38eb8ade78a5a77d62616bb84b5e0cf00f93ffec6de Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
OSV
OSV
added 2025/06/17 6:10 a.m.2 views

MAL-2025-5173 Malicious code in myatt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 642dc644bf145b2ed3bb5126b58d897d06442693fcfb6747ea553b87ab935bc3 The OpenSSF Package Analysis project identified 'myatt' @ 1.0.10 npm as malicious. It is considered malicious because: - The package communicate...

7.3AI score
Exploits0
OSV
OSV
added 2025/05/07 8:40 a.m.7 views

MAL-2025-3664 Malicious code in @ai-document-translation/ui-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8c94ea05205ad6ac8c809be2fa22e18fae368f27f1f8bd34048528dc25daa90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/04/17 7:36 p.m.6 views

MAL-2025-3222 Malicious code in web-sim-control (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8d3b8a674300adbbebf266b874c5c0505e514bace39bd005a46f18525cd3eb16 The OpenSSF Package Analysis project identified 'web-sim-control' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSV
OSV
added 2025/03/27 3:47 p.m.4 views

MAL-2025-2734 Malicious code in dmpconnectjsapp-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d21050916c0e5222db92b8c6056e3a60fbf54f55cebefb5509a15453c20d68b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/03/25 8:25 a.m.4 views

MAL-2025-2623 Malicious code in corehome (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 835efaf181707862582cf58938ea26bb25e18a1d228269a42b58f12d1c250ca7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Rows per page
Query Builder