Lucene search
K

7 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:5 p.m.13 views

Malicious code in signup-embedder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c48f398f700b78d1893db4570d5d6f16985d937ee79677aab97e673a1cf86e7e [email protected] ships preinstall.js and postinstall.js lifecycle scripts that auto-execute on npm install. preinstall.js collects...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:1 p.m.6 views

Malicious code in hs-locale-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2adb7ba5ebcb66930ae574353088696c939ed6e677c12437e78de7166e96b932 Package self-identifies in package.json as a dependency-confusion proof-of-concept targeting HubSpot's internal hs-locale-management namespace,...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/15 11:26 a.m.11 views

MAL-2026-5830 Malicious code in unico-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1945d7aee54e60800e30f150e6db8042fa3aee9ea99f6b5a4ab14e2a1c26571d package.json declares a preinstall lifecycle hook that runs curl against https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f, passing the...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 2:10 a.m.21 views

Malicious code in @ci-lifecycle-test/postinstall-ping (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c160ad40a237c1e682c696ebd0aec2861ca072f47bd5b725bc80f7f95ed509 The package's postinstall lifecycle script postinstall.js executes automatically on npm install and POSTs the JSON-serialized contents of the entire...

5.5AI score
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:0 p.m.9 views

EUVD-2026-36591

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

9.9CVSS5.4AI score0.00339EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 7:2 p.m.13 views

Malicious code in happy-dlscord.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d183bf51c0f2be0102a7a7aeeda661f895e3b075f183d76d5f0f77c09c70860 The package name 'happy-dlscord.js' is a one-character edit of the top-tier npm package 'discord.js' and ships a near-verbatim fork of the upstream...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 2:44 a.m.16 views

Malicious code in your-unique-package-name1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a82d9cce1cd5cae0e9bae039dc08eccc18ec4494b182d11ab35c25ac4496d34 On import in a browser context, index.js creates a hidden iframe pointing at https://www.pendo.io/?builder.frameEditing=true and postMessages a...

5.8AI score
Exploits0References1
Rows per page
Query Builder