Lucene search
K

914 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4148b124e7ddd86ab1dd66865b0dad79d42d666a36a5e122f07e12b0d3029570 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added yesterday3 views

MAL-2026-10362 Malicious code in omgyesyesyes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1eeb53892156b3a1354703f4f8beb2591548726886a017ccc7129407eb128ed9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in polygon-gamma-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49bd3ddb3340e0ef3c76465b6e275d45ddc8eecdbd742747acde8588a2018b4 [email protected] advertises itself as a 'TypeScript SDK for the Polymarket CLOB API' but ships no Polymarket API surface. The exported...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in eslint-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8908ac72050dded53e2e163c528a446b7a4fd7a37a4874e14f95b08265f043c4 The package presents itself as an ESLint-inside-Jest runner but the documented linkProject/lintFiles/createJestRunner API is not implemented. The...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added last week10 views

Malicious code in chai-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9192d163b3814064c95a23cb11e218732346628f3109517aab7697c2dcb6d016 On require, index.js spawns a detached background node process that runs lib/initializeCaller.js. That module axios.gets a base64-obfuscated URL...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:56 p.m.7 views

Malicious code in polymarket-onchain-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73556a574d8ee416a5440f889b73cafff3b464650d6b2b2caf4001ce15086f6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 3:13 p.m.8 views

Malicious code in postcss-property-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acb8d62cdeb6a2c19937f3d02aa6214a23114e4dbc38373e6107c8345c3f1f9f [email protected] was scanned with no a static rule matches and no behavioral findings. No exfiltration, install-time fetch-and-execute,...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/30 3:13 p.m.6 views

MAL-2026-6682 Malicious code in confluent-kafka-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.12 views

Malicious code in @druidsoft/botframework-directlinejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34ac6d117d0531ed668bd8df71233c07089b14c644a9403ee479976d75951fcb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.11 views

Malicious code in @rakuten-rewards/messaging-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7fc8243854c9528882d45c044a4a7c7ce2ad94143a84f135b2b98cb536ce2f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 2:0 p.m.7 views

Malicious code in authmatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58eb7642f8d7e2fb2e898277c6961d2538f40766777a679020f4872b29925806 The package is published as 'authmatrix' with a description suggesting basic auth functionality, but its lib/ tree is a copy of the pino logger and i...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 1:51 a.m.8 views

Malicious code in wellnpm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...

5.8AI score
Exploits0References7
OSV
OSV
added 2026/06/23 3:32 p.m.5 views

MAL-2026-6335 Malicious code in server-parket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a06d1b04d930608a5d15999711be4158b61d96a0f9c0c63353b3b25cd302c86 package.json declares postinstall: node test.js, but test.js is not present in the tarball — installation fails with MODULENOTFOUND and no code...

6.1AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.8 views

Malicious code in new-solt-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51a48524931e3ec3199917bed8d48e70c07bf91f4a0322a46926b7c1d98d8b3e index.js imports childprocess and invokes execSync with bash and zsh shells around lines 315 and 331. The shell-execution pattern alone is not...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 6:35 p.m.11 views

MAL-2026-6073 Malicious code in @mastra/observability (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d011342f74ef411523da8a4a42af220a5816766b2d519fd8f824ed35f33fdb2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/17 5:7 a.m.7 views

MAL-2026-6044 Malicious code in @mastra/voice-deepgram (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c6269a96366ca5cb804b7078f3eb2d0306ac86335922e3b00a17db6426024c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/17 5:7 a.m.9 views

MAL-2026-6046 Malicious code in @mastra/voice-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec7a69b358b2f5ed11287ca744502237a1b6971aac05d462222656a70b5864b3 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:56 a.m.8 views

Malicious code in @mastra/auth-clerk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d80aa3e2beb7b80c5c0ab6155ebf33290b48d7e23a97f7dc5e2f7bc288d5e84f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:55 a.m.8 views

Malicious code in @mastra/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89ab661f926db8827cca977fedce8cae92cf025babad8825c2e43467121a5c26 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.8 views

MAL-2026-5954 Malicious code in @mastra/libsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bbbf064d557b14369949349954c599a26dda8f1d99e99bc5528c4b94e99bffb The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder