Lucene search
K

52 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in eth-react-redirection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbd414dae34760c2eda09d2093a62a14d694f759350676e88229319a16594e78 On require, index.js calls callCallerAsOrigin which spawns lib/caller.js as a detached, stdio-ignored child process spawnprocess.execPath, script,...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.5 views

Malicious code in tme-error (npm)

The tme-error package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/01 8:28 p.m.6 views

MAL-2026-6721 Malicious code in ts-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...

6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 8:28 p.m.8 views

Malicious code in ts-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...

6AI score
Exploits0References6
OSV
OSV
added 2026/06/23 2:46 p.m.9 views

MAL-2026-6303 Malicious code in react-simple-utils-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...

5.9AI score
Exploits0References19
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:46 p.m.8 views

Malicious code in react-simple-utils-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...

5.9AI score
Exploits0References19
OSV
OSV
added 2026/06/17 7:9 p.m.8 views

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 7:9 p.m.13 views

Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/17 5:4 p.m.13 views

MAL-2026-6067 Malicious code in scan-only (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...

6.2AI score
Exploits0References14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:8 p.m.11 views

Malicious code in ogd-platform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f17f2c263db2adee12698bd9046668b9b674bcdf063b959f54841914a6028931 The package contains only a package.json with a preinstall lifecycle script and ships no actual functionality despite advertising itself as an 'Open...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 7:24 p.m.15 views

Malicious code in vend-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89ed34c4d09a0f8bb373f141d18157203eb73efec9461434a7957dfe17ba72f1 package.json declares preinstall: node index.js, causing index.js to run automatically on npm install. The script collects installer host identity...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:23 p.m.11 views

Malicious code in flowdefi (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.4AI score
Exploits0References3
OSV
OSV
added 2026/06/15 5:23 p.m.9 views

MAL-2026-5808 Malicious code in surf-lending (npm)

Sibling of [email protected] campaign C2 path /surflending/. Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets mnemonic/key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252. --- -= Per source details. Do not edit below this...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:23 p.m.21 views

Malicious code in surf-lending (npm)

Sibling of [email protected] campaign C2 path /surflending/. Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets mnemonic/key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252. --- -= Per source details. Do not edit below this...

5.4AI score
Exploits0References3
OSV
OSV
added 2026/06/15 3:10 p.m.10 views

MAL-2026-5781 Malicious code in portal-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5aca21d0e952f5ba313432cf5d47e41f185d19e65d894a005cce20be90d4985 On npm install, the package's preinstall hook executes postinstall.js, which enumerates process.env and filters keys matching a broad credential-shap...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 7:0 a.m.14 views

Malicious code in node-stack-frames (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fd4f6c5f3278484d99f6ffffc001cf920dcb0fa4fdfabff957a61c3cfbfc158 package.json declares a preinstall script that runs an inline Node program on npm install. The script requires os and http, collects os.hostname,...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/11 7:16 a.m.12 views

MAL-2026-5598 Malicious code in 0x2ai-demo9x (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e796c3398589b92ecd70f45bc41128101313dd07adeb0634199ac3fef59d19d On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD without consent,...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/11 6:52 a.m.25 views

MAL-2026-5609 Malicious code in clean-my-pc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8139d8347bc83b12e276e481509aaca6af69adff21f7df1658a6eeadd31562f6 The package's collect.js imports childprocess, fs, http, https, and os, gathers host identifiers via os.hostname and os.homedir, reads files from the...

5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/11 5:10 a.m.14 views

MAL-2026-5572 Malicious code in sendgrid-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08f1d48bc557c6afa69c74455fe35f34ed0992082dc30fc09d032523d2329f63 Package impersonates the official SendGrid npm packages @sendgrid/ but ships no SDK functionality — index.js exports an empty object. Its sole purpos...

5.4AI score
Exploits0References9
OSV
OSV
added 2026/06/11 5:0 a.m.10 views

MAL-2026-5561 Malicious code in @bestlzk/sectest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfce552ac72417ec7db2c48e0e13b1d060007167e82bd0f9b10799efe85e7f4 On npm install, postinstall.js collects platform, Node version, current working directory, and OS username, then POSTs them as JSON to...

6.4AI score
Exploits0References1
Rows per page
Query Builder