Lucene search
K

126 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in ishowfeet11 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35ad3f426377de0f1898ef51d148062669bd91d3cbae08ffe620af8514fde41e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/07/07 3:6 p.m.7 views

MAL-2026-6925 Malicious code in typescript-base58 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b860a9c4960f55c236ca5e14781f5dcfb60752d4367cb9aeb30762d3b023004e [email protected] is a one-line re-export of the 'base58-core' package. The README advertises 'Zero dependencies' while package.json declares a...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:57 p.m.8 views

MAL-2026-6873 Malicious code in router-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f60a60e68f645bffe7eb5e137979aa6fb6c535c53ee6e13a9fcf01951eb05b55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.8 views

Malicious code in @mastra/e2b (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4951048ee56bb5e6a99f08e3c467615532d3c136918ceb9143cf1934ba4be370 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.9 views

MAL-2026-5939 Malicious code in @mastra/ai-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98257d70b56e46a3dcd690478b15c54fb55c270db969b777c0cb42bec21ace37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/15 11:45 p.m.10 views

MAL-2026-5846 Malicious code in prettier_v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52d6c46e6d7e7ba0269dbb3d9725b5943d1b4b94ac2587a5738983cb93d8e1cf Package name 'prettierv2' closely resembles the widely-used 'prettier' formatter package, raising typosquat concerns. The file lib/mirror.js contains...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.7 views

MAL-2026-5112 Malicious code in @redhat-cloud-services/eslint-config-redhat-cloud-services (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/12 2:56 a.m.9 views

MAL-2026-3522 Malicious code in @uipath/access-policy-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 87fb4a7ca8257b97a21e311c9322a63b2691136e87c6a8ce12cc648890849f76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/12 12:1 a.m.16 views

MAL-2026-3491 Malicious code in @tanstack/start-static-server-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 12:1 a.m.9 views

Malicious code in @bcs-mi/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/13 3:25 p.m.3 views

MAL-2026-2589 Malicious code in @mx-shared/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80722921f3ba7863b8f28031aa4edf777ce8e270fab10bcead75016a286cb125 The package @mx-shared/utils was found to contain malicious code. Source: ghsa-malware 30ead10eaa18cee42152061c23ee9a84c465e687911f78dd1ae0c613f1c2b1...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/22 6:8 p.m.9 views

MAL-2026-2045 Malicious code in @emilgroup/customer-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ffdd49f845d5d16e6b17778217c493abdb71d809aa288b93b59e69582119c91 The package @emilgroup/customer-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 2:29 p.m.7 views

Malicious code in supplychain-security-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2655712e00f8c5bf90b5a945bc60c2fd3c109d2719ec7b161114f86343741ee1 The package supplychain-security-demo was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/16 12:0 a.m.4 views

MAL-2026-1529 Malicious code in require-in-package (npm)

The package 'require-in-package' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/03/11 1:24 p.m.4 views

MAL-2026-1343 Malicious code in chai-as-flex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/11 6:26 a.m.7 views

Malicious code in tailwindcss-animate-framer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c02b4943187c442df05c485194a7946cf3243d4f95240cde866a4efc05fce281 The package tailwindcss-animate-framer was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/02 3:46 p.m.4 views

MAL-2026-1134 Malicious code in ts-big-number (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a6ea1bec80a1e6f2dd3ee69a62602237f916e6b2877e126e18d8ef5b7f691 The package ts-big-number was found to contain malicious code. Source: ghsa-malware 490d5033b9169ec80de58a0c2bb8bdbfe435f06200e0b7cc729ce393f2449d40...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/21 4:11 a.m.7 views

Malicious code in torbaileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e4b08c935365c992a67e45fd75888de1262836188ca5a0246ba4bae988b713 The package torbaileys was found to contain malicious code. Source: ghsa-malware 477238eba8ca0f2c24ebb88b73089608a73fdc363b248e404b66acc829c0777d Any...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/09 3:3 a.m.8 views

Malicious code in yunxohang10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5afa709f3be67acbb1d69b61e6897f6743d7feb8f9cb31e8b0109223c403858c The package yunxohang10 was found to contain malicious code. Source: ghsa-malware 5d4bc174ce0500df2bcfb0be9787d728083db08a933b9eb56bbe52e1cf37bfd1 An...

6.9AI score
Exploits0References1
OSV
OSV
added 2026/01/09 2:54 a.m.2 views

MAL-2026-171 Malicious code in amdocs-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a6af3ffb67d97ff5a166cfa06c9dc841eab5d736ffbbdae5f3a693d7845be2 The package amdocs-core was found to contain malicious code. Source: ghsa-malware 19cbd66c5d36a7bcc61d3202596dea181a2782d867db3ea2cbb0e322f01b99db An...

6.8AI score
Exploits0References1
Rows per page
Query Builder