Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/22 10:25 a.m.8 views

Malicious code in finkrouter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75cee0798d304ff9f0532df845511df6560314b8808664c15b3c3aa18f1953b5 The package's CLI shipped as cli.obf.js, the javascript-obfuscator output with RC4 string-array encoding and control-flow flattening per package.json...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/22 6:25 a.m.7 views

Malicious code in bingocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78f3d873e7c4d16629263bb242a2636f18747d5dd096b614fb3cf43a56d2dc8e The package declares bin.claude pointing at bin/claude-win.cjs and bin/claude on Linux/macOS. After npm i -g bingocode, the claude command on PATH is...

5.5AI score
Exploits0References2
OSV
OSVadded 2026/05/19 6:5 p.m.4 views

MAL-2026-4370 Malicious code in @bonsai-ai/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...

5.9AI score
Exploits0References2
Rows per page
Query Builder