Lucene search
K

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.57 views

Malicious code in ai-sdk-ollama (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19f3e848ffd678e29b96aec1a0aa02dcdcb7c3c5f58bc357ee3b3483b395577d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/06/02 9:0 p.m.7 views

@arc-laboratories/arclocale-compiler (=0.2.0-alpha.8), @iharkharytanovich/found (>=0.1.1 <=0.1.4) +8 more potentially affected by unknown CVE via ai-sdk-ollama (>=3.0.0 <=3.8.4)

ai-sdk-ollama NPM version =3.0.0, =0.1.1, =0.1.5, =0.4.2-canary-0ba39cdeb6, =0.1.303, =0.1.303, =0.1.303, =0.1.303, =0.4.2, =0.1.5, =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/02 9:0 p.m.9 views

@easbot/ollama-sdk (=0.1.0) potentially affected by unknown CVE via ai-sdk-ollama (=2.2.0)

ai-sdk-ollama NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ai-sdk-ollama and may be impacted: - @easbot/ollama-sdk =0.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/06/02 9:0 p.m.8 views

Embedded Malicious Code

Overview ai-sdk-ollama is a Vercel AI SDK Provider for Ollama using official ollama-js library Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attemp...

9.8CVSS5.6AI score
Exploits0References2
Rows per page
Query Builder