Lucene search
+L

67 matches found

ossf
ossf
added 3 days ago5 views

Malicious code in abuden219 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1de0c667d7c3cbfd4c96728443db8ac059d53487498341bd937cf2aaf738574a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 3 days ago6 views

Malicious code in imillegal3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 390cc6f70ea2d87c44d68b9d62410d2ea485b64778bd536a1733503789c42d07 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 2026/07/07 12:0 a.m.10 views

Malicious code in vps-adapter-core (npm)

The package 'vps-adapter-core' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, paperclip-host-util...

6.1AI score
Exploits0References5
ossf
ossf
added 2026/07/06 6:57 p.m.8 views

Malicious code in secure-box (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fac79042697157915144f205c342b79f8a019218c45580224a85c045c03fea9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
ossf
ossf
added 2026/06/09 3:10 p.m.14 views

Malicious code in enquriers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c7f041bb6800c0c765683543b18f204299e64265c3d9124c54f7f0169b53348 Package name 'enquriers' closely resembles the widely-used 'enquirer' package transposed/added characters, suggesting potential name-confusion risk. ...

6.3AI score
Exploits0References3
osv
osv
added 2026/06/09 2:17 p.m.10 views

MAL-2026-5380 Malicious code in @doaction/sudo-prompt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e989180180ebba42b05f086cda01159058a0a9ccca3c4beb95f3e5a31430dfe6 @doaction/sudo-prompt shares the name of the widely-used unscoped sudo-prompt package but contains none of its privilege-escalation functionality. Th...

6.2AI score
Exploits0References3
osv
osv
added 2026/06/03 1:43 p.m.11 views

MAL-2026-5175 Malicious code in webpack-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd3559fc62e362d5e4d5068126317096f7e2e483d97bba9f59e192a9d49a363 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/06/01 12:0 a.m.19 views

Malicious code in @redhat-cloud-services/rule-components (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score
Exploits0References2
ossf
ossf
added 2026/04/13 3:25 p.m.5 views

Malicious code in dwaiter-company-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602a450ab8f9d48b5e7ca03f6e4cf89803a6f1a0e6e35d453c92e59143096577 The package dwaiter-company-web was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
ossf
ossf
added 2026/04/01 11:23 a.m.9 views

Malicious code in mcp-server-todo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f426e9e8a841f37f765614c031a1b4f56bb7ee1c8d5ed51b2aeb27a261edce9 The package mcp-server-todo was found to contain malicious code. Source: ghsa-malware d2e2326574c0d2811c6c20ff1523ad04fc4bdb6f062080751acdca4a592c68b...

5.8AI score
Exploits0References1
osv
osv
added 2026/03/26 12:57 a.m.5 views

MAL-2026-2229 Malicious code in @zecho/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8ee9faec3b25e7b043ecc51372ef854bf184e2ff001aab3599a53f7ea006e98 The package @zecho/libsignal was found to contain malicious code. Source: ghsa-malware 772f0780752f36a5549cdf7522ace0d3374d4bdbd45e94dfe1f0407b40a117...

5.8AI score
Exploits0References1
osv
osv
added 2026/03/23 1:47 p.m.4 views

MAL-2026-2097 Malicious code in puzzle-render-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c63be86e7f93cd0f5f6663aa57978a4c6ff6b497ef1aafcddcdbea71e25fa02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
osv
osv
added 2026/03/20 4:49 a.m.4 views

MAL-2026-1944 Malicious code in couplus-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0c78a6293dc26a858801e92b94142c0fb6ab09c558b39900095be8a8aef9a52 The package couplus-cli was found to contain malicious code. Source: ghsa-malware 469c68fc4282e268dbe121670070e4a148ec18adaad72317ca06de47eed59217 An...

5.7AI score
Exploits0References1
osv
osv
added 2026/03/13 10:37 a.m.3 views

MAL-2026-1413 Malicious code in brlc-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e1d5bf92d7953e1333f3d575ad749dc56b9914ae64813b2e9753a0718a2882 The package brlc-base was found to contain malicious code. Source: ghsa-malware c50e966389745dbbf1f8c81e6b0e19db8d01502091437c4148cde8991e9e314d Any...

5.7AI score
Exploits0References1
osv
osv
added 2026/03/02 3:48 p.m.3 views

MAL-2026-1131 Malicious code in ngaturkids (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d589b956682ee26f10996c8dd1b6050d8b9e74e7084a46d8f37ab95f7f7fc3fa The package ngaturkids was found to contain malicious code. Source: ghsa-malware 0dc4b2edbc73fc30831d28dd9a701e650e00edefc7938de256932daff4c42577 Any...

5.7AI score
Exploits0References1
osv
osv
added 2026/03/02 2:22 a.m.7 views

MAL-2026-1103 Malicious code in bee-quarl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b90e7b3eadcb23e766223167d16f561fd64fe44ec63f6e77afefe38966da2fec The package bee-quarl was found to contain malicious code. Source: ghsa-malware 642b83461b49019b47d27820b1dbaed267f2365eecf5fc74467d02192ec662aa Any...

5.7AI score
Exploits0References1
osv
osv
added 2026/02/24 2:1 p.m.4 views

MAL-2026-1009 Malicious code in express-soaps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11b77454b492585237ca44534f8c75ca1428979238d5badb6e7f86f99ec9d88a The package express-soaps was found to contain malicious code. Source: ghsa-malware cd65d37fecf812cffa4141b215b29a24bf83aa9b1052aba67c566690e710a0c2...

5.9AI score
Exploits0References1
ossf
ossf
added 2026/02/13 1:57 p.m.7 views

Malicious code in wropz-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48a8b0a5b3f12323a6bbc3014fa023b370236b8874253a47ed61930d4bbcee4d The package wropz-module was found to contain malicious code. Source: ghsa-malware fbe5a4f55692f6a9db6c052776dc2fcfd3825f7da077f3e45b67466cd4059bd0 A...

5.6AI score
Exploits0References1
ossf
ossf
added 2026/02/05 1:6 a.m.8 views

Malicious code in tailwindcss-animation-modern (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6fbd472c63dae399a454decb6c6c097b7ae23766e0962ec081f0ad685ea451 The package tailwindcss-animation-modern was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
osv
osv
added 2026/01/27 8:11 a.m.7 views

MAL-2026-535 Malicious code in knex.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04fcb32607ead73fe3f1c4443e807ae1deec8bda92999d19da73075af9d61805 The package knex.js was found to contain malicious code. Source: ghsa-malware a1c9b559496940535edc51721d08a3fccda2739e33e34028d59d97b305452aba Any...

5.8AI score
Exploits0References1
Rows per page
Query Builder