Lucene search
K

13 matches found

Snyk
Snyk
added 2026/05/11 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview no-type-assertion is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview dazaar-cli is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview prefer-let is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview syntax-function-bind is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview lit-a11y is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package use...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview minify-mangle-names is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview transform-export-extensions is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.6 views

Malicious Package

Overview syntax-export-extensions is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.1 views

Malicious Package

Overview reuse-plugin is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.1 views

Malicious Package

Overview transform-es2015-parameters is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.9 views

Malicious Package

Overview transform-dynamic-import is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.6 views

Malicious Package

Overview relay-optimizer-plugin is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior T...

9.8CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder