CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 6 days ago•5 views

Malicious code in @t-in-one/add_application (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

OSV•added 2026/05/28 12:0 a.m.•2 views

MAL-2026-4983 Malicious code in @cloudplatform-single-spa/svp-images (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

OSV•added 2026/05/28 12:0 a.m.•2 views

MAL-2026-4956 Malicious code in @cloudplatform-single-spa/opensearch (npm)

OSV•added 2026/05/28 12:0 a.m.•3 views

MAL-2026-4939 Malicious code in @cloudplatform-single-spa/ml-ai-agents-system-prompt (npm)

OSV•added 2026/05/28 12:0 a.m.•2 views

MAL-2026-4927 Malicious code in @cloudplatform-single-spa/magic-bridge (npm)

OSV•added 2026/05/25 5:38 p.m.•6 views

MAL-2026-4348 Malicious code in api-rs-node (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

OSSF Malicious Packages•added 2026/05/25 3:12 p.m.•8 views

Malicious code in vue-compiler-sfc-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9 Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs...

6.1AI score

OSV•added 2026/05/14 7:25 p.m.•5 views

MAL-2026-3765 Malicious code in joi-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ca38e3574ffcb0fabb105616e28108137c8256e2c70aeede59623bca5df496a The package declares a postinstall hook "postinstall": "node postinstall.js" in package.json that runs unconditionally on npm install. The script's o...

OSV•added 2026/05/14 7:25 p.m.•2 views

Exploits0References3

MAL-2026-3763 Malicious code in exxpress-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfa81f7c144d5feeea9c49254fbeec68f8271460d4a51efd5757a62b251c05f2 The package declares scripts.postinstall pointing at postinstall.js, which runs automatically on npm install. The script performs three...

OSV•added 2026/05/13 6:41 p.m.•2 views

Exploits0References4

MAL-2026-3698 Malicious code in trickery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ad5df28c8d5f5afa377d6b54a7eac1d3110610783c7e62fbd084a0bd49baac5 Package contains code to install a backdoor - and additionally to a user-controlled backdoor, it also installs the second, with own C2 server. It's not...

6AI score

OSSF Malicious Packages•added 2026/05/13 12:0 a.m.•4 views

Malicious code in auth-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score

Exploits0

OSV•added 2026/05/13 12:0 a.m.•0 views

MAL-2026-3649 Malicious code in iceberg-javascript (npm)

5.9AI score

Exploits0

OSV•added 2026/04/30 8:5 a.m.•2 views

MAL-2026-3198 Malicious code in timecurrently (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e505f67724cdcb9846add9bc1236a4cf256f954d9be1dbc98a51b387cbc4871 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score

OSV•added 2026/04/17 8:6 a.m.•1 views

MAL-2026-2837 Malicious code in solanakit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency e.g., through the autostart registry key...

OSSF Malicious Packages•added 2026/04/16 9:15 p.m.•4 views

Exploits0References6

Malicious code in chainutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3 During import, package triggers malicious code. First, it ensures persistency e.g., through the autostart registry key. Then, based on the encrypted config, an...

OSSF Malicious Packages•added 2026/04/16 5:48 p.m.•3 views

Exploits0References6

Malicious code in genosys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2fb27cde30ea3d834e3160e37c203a1f8a271435cf92316a990766c5b8b9791c The campaign is built from a benign-like package e.g. genosys and the malicious dependency e.g. pynosist. The dependency uses a PTH file to trigger malicious...

5.9AI score

Exploits0References6

OSSF Malicious Packages•added 2026/04/09 2:4 p.m.•3 views

Malicious code in sjs-lint-build1 (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...