Lucene search
+L

9219 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 6:27 a.m.8 views

Malicious code in express-deflect (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284d3f4c5f55f69391b1172ba9d2c714e3ae358a2c92a501049a1495547e1588 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 6:27 a.m.8 views

Malicious code in chai-spycore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb99516f251bbd13baae5273239a6a04acefea76ddf1a7b06f4b5a328339dae Package republishes the chai-spies Chai plugin source verbatim including original author header under the near-identical name chai-spycore...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 12:0 a.m.16 views

Malicious code in paperclip-host-utils (npm)

The package 'paperclip-host-utils' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, vps-adapter-cor...

6.2AI score
Exploits0References9
OSV
OSV
added 2026/07/07 12:0 a.m.8 views

MAL-2026-6949 Malicious code in vps-adapter-core (npm)

The package 'vps-adapter-core' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, paperclip-host-util...

6.1AI score
Exploits0References5
OSV
OSV
added 2026/07/06 7:0 p.m.6 views

MAL-2026-6905 Malicious code in winston-prism (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06134c2a9c642914c91312e4d0184158fda282ec1bb3715fc143e7834993e266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:59 p.m.7 views

Malicious code in twcompose-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...

6AI score
Exploits0References3
OSV
OSV
added 2026/07/06 6:59 p.m.10 views

MAL-2026-6899 Malicious code in twcompose-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:59 p.m.7 views

Malicious code in competion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7977f7cd8dcf35f17c8745de465b35f920055be22dbb883dda7abf2e978ef0e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:58 p.m.8 views

Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:58 p.m.6 views

MAL-2026-6830 Malicious code in color-cli-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43d15f0d189a3dff03fe5549073cad30c2c0d648e6b1b12d1385689c84c6888c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:58 p.m.5 views

MAL-2026-6894 Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:58 p.m.7 views

Malicious code in sleek-pretty (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba44435dd6e0686c11ff8a9e27c60eef2f2fbdbcdbd0c3936d1f07cc78d38090 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:57 p.m.7 views

Malicious code in pretty-pino-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8a3122c1ab14fbe9f5eb55c0b5ba1db0c7b8e47ecc4d935b758d6bf679821e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:57 p.m.8 views

MAL-2026-6867 Malicious code in pretty-pino-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8a3122c1ab14fbe9f5eb55c0b5ba1db0c7b8e47ecc4d935b758d6bf679821e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:56 p.m.9 views

Malicious code in pino-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:53 p.m.6 views

MAL-2026-6848 Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...

6.4AI score
Exploits0References3
OSV
OSV
added 2026/07/06 6:53 p.m.6 views

MAL-2026-6837 Malicious code in eth-tick (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96638eb8282b1eccbe4d7c1b1076340ac1b870d325856e2ad5415c2bf2737eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:52 p.m.8 views

Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:52 p.m.6 views

MAL-2026-6816 Malicious code in emojiprint-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6cbf02130e84c5829369887b3e109fbf7ad94e2fbf4b4b2ca82c28f0059a7ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:51 p.m.7 views

MAL-2026-6809 Malicious code in chalk-logger-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 575cc2964157bd7bee9bc0c7b318af484ea57a2d89a904cd8fe8bf978809f06f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
Rows per page
Query Builder