Lucene search
K

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in fury_frontend-andes-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29bea4f118854efa6568545722d7210a76e06e64cad4036e0cc0b45c45aafe37 The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo, current working...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/28 8:15 p.m.4 views

Malicious code in udn_extras (npm)

The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...

6.6AI score
Exploits0References2
Snyk
Snyk
added 2023/02/10 9:5 a.m.3 views

Malicious Package

Overview certtifi is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in init.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2023/02/10 9:5 a.m.4 views

Malicious Package

Overview certifiee is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in init.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass...

9.8CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder