Lucene search
K

9118 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:33 p.m.10 views

Malicious code in chai-smart-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c0d75b8077d317728bd396870ad1f297ea11f7a50585421fdf2b888cf3a9f3 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 4:11 p.m.12 views

Malicious code in chai-web3-testkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc1472c1964a224051ad01d14dabfdfd3ca26d594fff02fb07192f423238691 The package advertises itself as a Web3.js testing toolkit but its content is copied from the legitimate chai-smart-assert library and a malicious...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 2:32 p.m.13 views

Malicious code in ecto-spectral-leak-8d4e2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...

5.7AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 2:32 p.m.16 views

Malicious code in sea-bound-siren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...

5.4AI score
Exploits0References24
OSV
OSV
added 2026/06/12 2:32 p.m.9 views

MAL-2026-5692 Malicious code in ecto-win-flag-q2m7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6344042aff547b32cf30bc456be25e1229f921217ec0d6777f470174df10792 On npm install, postinstall.js executes a harvest-and-exfiltrate chain against the installer's machine. It reads files under /app, /root, and...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 2:32 p.m.12 views

Malicious code in ecto-win-flag-q2m7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6344042aff547b32cf30bc456be25e1229f921217ec0d6777f470174df10792 On npm install, postinstall.js executes a harvest-and-exfiltrate chain against the installer's machine. It reads files under /app, /root, and...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:26 p.m.13 views

Malicious code in @johntaohunter/forge-jsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bfdaadccdf8be83d7d73486bbaef607a373bb063881e36a37ef0c0846e701b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 4:26 p.m.9 views

MAL-2026-5674 Malicious code in @johntaohunter/forge-jsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bfdaadccdf8be83d7d73486bbaef607a373bb063881e36a37ef0c0846e701b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:23 p.m.13 views

Malicious code in ioredis-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7edb2baf96d81e8c5e6853e041bc82ed8bab6aa8de5a9c70fa8c90b2ac6fd08 The tarball ships a verbatim copy of the legitimate ioredis Redis client source same layout, same Redis class, identical description text 'A robust,...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/11 2:9 p.m.10 views

MAL-2026-5672 Malicious code in vqlxjmpr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aeb63fbed71a85092bf04cb120b4d1f19a3edaa74ac1c0cb47ce36f622d0062e Package is published as a generic 'Utility library' under an opaque name vqlxjmpr with no repository or homepage, but its sole exported function...

5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/11 1:54 p.m.12 views

MAL-2026-5655 Malicious code in @hatcha-captcha/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 1:54 p.m.8 views

MAL-2026-5662 Malicious code in @snowsight/debug-tooling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca444a9a90c96e463edeafef6a8f5ebdcc91dd128361d2b2aa42b6897cc48e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.12 views

Malicious code in @iobeya/spa-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.15 views

Malicious code in @hatcha-captcha/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9a9310a4e2c8c3906b130725a5d8366ccad0df5529428fa9056c62f69f4c3b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 1:54 p.m.10 views

MAL-2026-5663 Malicious code in @tenforce/toolbox-fontmap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc43bc0434418226ca77115c791ff0ea0031a0d314e73acfe0a62686528ceaad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 1:54 p.m.10 views

MAL-2026-5669 Malicious code in mm-ts-utils-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f5526f66eb7799c34080dc4e5f938decfa90924772556b159a26eaa3b1c4eb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 1:54 p.m.10 views

MAL-2026-5671 Malicious code in sitecore-mm-component-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1e025725001efb60959449e734f39db775cc54e77abb0c97364f7929cf54a8c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 9:44 a.m.12 views

MAL-2026-5637 Malicious code in tailwindcss-animotion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774c1b953da3225f63374a2054512d7715ce872f4a82278fc0954fe3133e7e0b The package's main entry dist/index.cjs, with the same code in src/utils/helper.min.js aliases require to global.r and module to global.m, then...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:35 a.m.11 views

Malicious code in rate-limits-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 809e7f8796ee45bb12d644bd48e71cbfca430e22d40b06ea0e0437097d131068 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/11 9:35 a.m.13 views

MAL-2026-5627 Malicious code in rate-limits-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f51c182413a9d071e2e2109f7477ff0fb1b05fae4e5e98a46bb53e7d8b2d693b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Rows per page
Query Builder