Lucene search
+L

1242 matches found

ossf
ossf
added 2026/06/23 8:18 p.m.12 views

Malicious code in triage-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef2bb10931626a345e1277463f9c2ec6ca36108c2d6131c9210707ea5692a64 package.json declares preinstall: node index.js, so the payload runs automatically on npm install with no user action. index.js requires os, fs, and...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/23 8:18 p.m.5 views

MAL-2026-6346 Malicious code in triage-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef2bb10931626a345e1277463f9c2ec6ca36108c2d6131c9210707ea5692a64 package.json declares preinstall: node index.js, so the payload runs automatically on npm install with no user action. index.js requires os, fs, and...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/23 3:24 p.m.5 views

MAL-2026-6302 Malicious code in hashd-edu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f8480ae1ab46f8b6f61848c271af2819d88644df8d8f36b04b458103c5d5454 The package ships a full remote-shell backdoor that fires both at install time and at module load time. postinstall.js forks itself as a detached...

6.1AI score
Exploits0References6
ossf
ossf
added 2026/06/23 2:10 p.m.12 views

Malicious code in kdrive-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...

5.8AI score
Exploits0References2
osv
osv
added 2026/06/23 2:10 p.m.12 views

MAL-2026-6295 Malicious code in kdrive-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...

5.8AI score
Exploits0References2
osv
osv
added 2026/06/19 6:48 a.m.16 views

MAL-2026-6196 Malicious code in build-tracker-n5p1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e731775fde27ad6db493d20397b27eee9b4a6ea0bf515f9516cc974ea3e12619 Package name suggests build telemetry tooling, but the tarball ships beacon scripts beacon18.js, beaconlinux.js wired to a postinstall lifecycle hook...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/19 6:48 a.m.17 views

Malicious code in build-tracker-n5p1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e731775fde27ad6db493d20397b27eee9b4a6ea0bf515f9516cc974ea3e12619 Package name suggests build telemetry tooling, but the tarball ships beacon scripts beacon18.js, beaconlinux.js wired to a postinstall lifecycle hook...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/18 10:31 p.m.14 views

Malicious code in node-vfs-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...

5.8AI score
Exploits0References3
osv
osv
added 2026/06/18 3:55 a.m.12 views

MAL-2026-6091 Malicious code in datacamp-light (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbdcc4ef12aca6461f8e765976a7b2b33099a1791a7aee7e353371b7954a91c Package impersonates the DataCamp brand while shipping near-empty stub exports index.js init/helper return trivial constants. The postinstall lifecyc...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/17 7:9 p.m.13 views

Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References4
osv
osv
added 2026/06/17 4:43 a.m.8 views

MAL-2026-5981 Malicious code in metrics-probe-64b2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cae901b673ee21724897f69c782eb2808c55c2722bacc9912a4a3e60f7019883 package.json declares a postinstall hook "postinstall": "node run.js" that executes run.js automatically on every npm install. run.js imports os, fs,...

5.5AI score
Exploits0References2
ossf
ossf
added 2026/06/17 4:42 a.m.15 views

Malicious code in pkg-telemetry-r4f9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine childprocess, os, and http modules to collect...

5.5AI score
Exploits0References2
osv
osv
added 2026/06/17 4:42 a.m.12 views

MAL-2026-5990 Malicious code in pkg-telemetry-r4f9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine childprocess, os, and http modules to collect...

5.6AI score
Exploits0References2
osv
osv
added 2026/06/17 4:41 a.m.8 views

MAL-2026-5992 Malicious code in runtime-metrics-w7k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...

5.4AI score
Exploits0References2
ossf
ossf
added 2026/06/17 4:41 a.m.12 views

Malicious code in runtime-metrics-w7k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...

5.4AI score
Exploits0References2
ossf
ossf
added 2026/06/17 4:41 a.m.12 views

Malicious code in npm-sandbox-ping-r9t2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335649d395a44d7de1bc6343dbce1f0459414ef92ab149413a86b47e28f3c7c3 package.json declares a postinstall hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon14.js,...

5.6AI score
Exploits0References2
osv
osv
added 2026/06/17 4:41 a.m.12 views

MAL-2026-5986 Malicious code in npm-sandbox-ping-r9t2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335649d395a44d7de1bc6343dbce1f0459414ef92ab149413a86b47e28f3c7c3 package.json declares a postinstall hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon14.js,...

5.7AI score
Exploits0References2
ossf
ossf
added 2026/06/17 4:24 a.m.10 views

Malicious code in canary-ci-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a572fd7ffa39ecc1ba62c71d1dfe31722bfbe0c4118b7ab8400c1d5f4a61ba0f On npm install, the package's postinstall lifecycle script postinstall.js collects installer-side host identifiers — os.hostname, os.userInfo.usernam...

6.1AI score
Exploits0References2
osv
osv
added 2026/06/17 4:24 a.m.10 views

MAL-2026-5972 Malicious code in canary-ci-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a572fd7ffa39ecc1ba62c71d1dfe31722bfbe0c4118b7ab8400c1d5f4a61ba0f On npm install, the package's postinstall lifecycle script postinstall.js collects installer-side host identifiers — os.hostname, os.userInfo.usernam...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/06/16 10:30 p.m.14 views

Malicious code in backoffice-charges-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 047eb92a0e8bb401b2c205765616c9b4b715ee7cfd33d2e6ef9dc8d645b77f04 On every npm install, the preinstall lifecycle script node index.js /dev/null 2&1 silently HTTPS-POSTs a JSON payload to https://avamnrwqo7.rbmock.de...

5.8AI score
Exploits0References4
Rows per page
Query Builder