Lucene search
K

335 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:25 p.m.6 views

Malicious code in chalk-ultra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a219b45c3fdcdb883eeb2c7e74d20060af2c788865e7925f911e40276dcd631 chalk-ultra is published under a name that mimics the widely-used chalk package, but its main is a verbatim copy of nodemailer source and its...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:38 p.m.10 views

Malicious code in chalk-plus-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5351482f03a50cab8a28b6aa7c992c960a55c6889634d2a04bb86a157ac18d1 Package is published under a name riding the popular chalk color-output library but its source tree, README, main entry lib/nodemailer.js, and lib...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/12 8:38 p.m.13 views

MAL-2026-5709 Malicious code in chalk-plus-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5351482f03a50cab8a28b6aa7c992c960a55c6889634d2a04bb86a157ac18d1 Package is published under a name riding the popular chalk color-output library but its source tree, README, main entry lib/nodemailer.js, and lib...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:36 p.m.11 views

Malicious code in chalk-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac66dfb6013c32d34c6ce83bdba4628b67539e81df27fe18dcf71d3de05ff8ce Package is published as 'chalk-pro' homepage chalk-pro.com but its main entry is a verbatim copy of nodemailer's API — a typosquat impersonating both...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/12 8:36 p.m.14 views

MAL-2026-5711 Malicious code in chalk-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac66dfb6013c32d34c6ce83bdba4628b67539e81df27fe18dcf71d3de05ff8ce Package is published as 'chalk-pro' homepage chalk-pro.com but its main entry is a verbatim copy of nodemailer's API — a typosquat impersonating both...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/12 8:34 p.m.11 views

MAL-2026-5710 Malicious code in chalk-plus-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:34 p.m.13 views

Malicious code in chalk-plus-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 8:46 a.m.15 views

Malicious code in react-json-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/26 8:46 a.m.12 views

MAL-2026-4792 Malicious code in react-json-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/20 2:7 a.m.9 views

MAL-2026-4517 Malicious code in chalk-tempalte (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3e82f6fa2867575be5e57fd3b03dada6a93761c97b240f77f98f4b221bde7a7 Package name chalk-tempalte is a single-character transposition of the popular chalk-template package a top-tier npm utility, consistent with...

5.9AI score
Exploits0References6
Snyk
Snyk
added 2026/05/17 9:0 p.m.16 views

Malicious Package

Overview chalk-tempalte is a malicious package. This package contains malicious code that includes infostealer malware, one of which is a Shai-Hulud clone following the TeamPCP open source release, and one DDoS botnet package. While this package might be attempting to impersonate a valid...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/14 7:24 p.m.8 views

MAL-2026-3755 Malicious code in chalk-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0fe2974289b691a9f5541068f2e399aecb14a719779202ff5999652ffe351db On npm install, postinstall.js runs a credential and cryptocurrency stealer against the installer's machine. It reads /.npmrc extracting authToken an...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:24 p.m.12 views

Malicious code in chalk-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6eab5e9e696250cc719b36e144f4534cac2b38a25521cda80222b6c66cd64c Package is named chalk-pack impersonating chalk with keywords and index.js impersonating lodash; index.js is a stub that self-describes as 'Just a...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/01 1:46 p.m.8 views

Malicious code in chalk-fancy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b86a641eb2b6239d8a88849df88a1a148fa5380e3c8767dc59915edb295ef5b3 When used, package exfiltrates sensitive environmental variable. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/05/01 1:46 p.m.6 views

MAL-2026-3212 Malicious code in chalk-fancy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b86a641eb2b6239d8a88849df88a1a148fa5380e3c8767dc59915edb295ef5b3 When used, package exfiltrates sensitive environmental variable. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

5.9AI score
Exploits0References4
OSV
OSV
added 2025/12/23 8:40 a.m.4 views

MAL-2025-192903 Malicious code in chalk-thrift (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/23 8:40 a.m.9 views

Malicious code in chalk-thrift (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/23 8:40 a.m.9 views

Malicious code in chalk-service (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/12/23 8:40 a.m.4 views

MAL-2025-192902 Malicious code in chalk-service (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/23 8:40 a.m.5 views

Malicious code in chalk-hostname (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Rows per page
Query Builder