Lucene search
K

284 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in ratelimitsucks10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ea43317a905d4e9b4a22dac3a0e325d92493557c5dc6b376f2e05d84d2fb29a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in dotnet-runtime-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c10c75766303f8c3bf261487e341e537f103116026309006ab71d977aacdd235 The package's postinstall lifecycle script package.json line 7: "postinstall": "node install.js" runs install.js, which on Windows writes a PowerShel...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/07/07 3:46 p.m.10 views

MAL-2026-6932 Malicious code in evm-typechain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a78b4d04410e295cbe340c95e6800a0777717d46ce136f0c30b5593d1bd9738 On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK, passes the returned JSON cookie field to new Function'require',..., a...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.8 views

Malicious code in jsonupper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1b0da679706ef488ebbf32e7449d3b4d79fae3bf468f5f167de3f657f75eb2a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:53 p.m.9 views

MAL-2026-6608 Malicious code in @contenteditor-shared/content-editor-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:23 a.m.6 views

Malicious code in rapidsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5b7fbd87a3c4bf6ff1e7b748244b062b46f850a7f7e034bd460c17668fa99c5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:11 a.m.10 views

Malicious code in @mastra/pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a70008c61b1e4ef205086d9fbbeb0435c8cee10e414626617fec6b946d45c84 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 9:27 a.m.12 views

Malicious code in regexp-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9828b4712ac404ec6f143f9c3115eb73ccd4418bab9cb17327ae325d488954e1 regexp-ts masquerades as the pino logger description, keywords, and module.exports.pino export but is actually a remote-code-execution loader. When a...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/04/13 3:25 p.m.6 views

MAL-2026-2581 Malicious code in @dtc-campaign-wizard/campaign-wizard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f551e16bdd57ec65154ddd0b1ebe5a701abe98d86f25490fb3c36b19e9fa41 The package @dtc-campaign-wizard/campaign-wizard was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/31 2:56 p.m.9 views

Malicious code in tailwindcss-typeface-inter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a4cecee37faea4489bd810f6d044cde9205a74e0c225bef7b07cbbe207eb88 The package tailwindcss-typeface-inter was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/23 1:47 p.m.5 views

MAL-2026-2099 Malicious code in sfx-event-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ed3495e868bcd1db85182332d575437978593cda12ceca6ab4acf1c4b28accf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 4:52 a.m.7 views

Malicious code in rollup-plugin-polyfill-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 985c6e7bc0975c513137b35a6dca07cf02aa2b87444716244933ca17d56c6bd2 The package rollup-plugin-polyfill-utils was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/16 2:49 p.m.5 views

MAL-2026-1469 Malicious code in n8n-nodes-format-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b8b8fc0a97b9f9e3203a35534d7ff6518dbe0e53753093610315382e5f40b0e The package n8n-nodes-format-utils was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:37 a.m.8 views

Malicious code in graphql-request-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e85257ce18204d98a8a6181fa40a75d7feb91477b98f6b86ba89223a9f4e51 The package graphql-request-dom was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/16 12:0 a.m.4 views

MAL-2026-1565 Malicious code in transform-export-extensions (npm)

The package 'transform-export-extensions' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/03/16 12:0 a.m.3 views

MAL-2026-1575 Malicious code in transform-typescript (npm)

The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/03/16 12:0 a.m.9 views

MAL-2026-1509 Malicious code in transform-remove-debugger (npm)

The package 'transform-remove-debugger' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 6:54 a.m.8 views

Malicious code in polymarket-trade-bot-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1202bbcaa78670992217c3ebaa55bb6edc17c6cb454209114639b680032d068f The package polymarket-trade-bot-api was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/24 2:44 p.m.9 views

Malicious code in es1int-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09abead9af9906c0579f5cce39e4e75fd445a6edaa1a5380db01ad7dd1e274f8 The package es1int-config was found to contain malicious code. Source: ghsa-malware 3eb94b9e72fc93f339c87b961f88c598fb78ecd2d5e4aad405d17c7eb3d513b2...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/20 4:59 p.m.9 views

Malicious code in yarsg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2ed8a6379e9f5833efbabb80221cc55ce3456a95d14c77ede9ab581bd8f577 The package yarsg was found to contain malicious code. Source: ghsa-malware 71a7932af2640f624c7daef39143653ecaa9d843bda52f61c22687210fc9961d Any...

5.6AI score
Exploits0References1
Rows per page
Query Builder