Lucene search
K

242 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec482cba13f20090fc306d9a8c732ec4edbc8bb9326324f7dedfb544ad0d9a11 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 366c27a7f56562405e9af37dcb6a78fa8f535af50e9ecd68ec559fbb1f80f5d7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/07/03 3:37 p.m.8 views

MAL-2026-6740 Malicious code in decode-sdks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 645d703f4bbd5a7aedaa60a60b7d20af253d4da8efaf82cbac3520a8f21d67b6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/02 1:17 p.m.3 views

MAL-2026-6726 Malicious code in db-convertor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7480b95a12688a84f3efd3d4c5c8a82c5c761f1f462eb22201f4385fb9bf691c index.js defines a method queryDBConnect on the exported DivbloxDatabaseConnector class that base64-decodes a hardcoded constant HASHKEY to the URL...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 1:17 p.m.8 views

Malicious code in db-convertor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7480b95a12688a84f3efd3d4c5c8a82c5c761f1f462eb22201f4385fb9bf691c index.js defines a method queryDBConnect on the exported DivbloxDatabaseConnector class that base64-decodes a hardcoded constant HASHKEY to the URL...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/02 1:2 p.m.6 views

MAL-2026-6725 Malicious code in @modhamanish/rn-mm-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafa948cdfb9fda0d33e923e0e352a384adecfaaab1ece9a20b1b645c1b58ae6 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/29 4:50 p.m.6 views

MAL-2026-6629 Malicious code in @lexisnexisrisk/insider-threat-platform (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dae189d0977c5458ccfe6ac903cf5014acf0e73277c22ad68edf683813066398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:17 a.m.10 views

Malicious code in tw-style-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc430da42cdbbb83b681be645a2bbc3f3f2a48e0e19d9d3624b4b3e6f9aa7e92 [email protected] was scanned and produced no findings indicative of supply-chain attack behavior. No install-time lifecycle scripts performing...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/23 12:15 p.m.7 views

MAL-2026-6283 Malicious code in new-ecro-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0826d146dbc513ac14f403eaa9ba65dffbd04da52c55ff1840ad153dab96e87 The package publishes verbatim big.js v7.0.1 source including the upstream copyright header, README, repository URL pointing to MikeMcl/big.js, and t...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:5 p.m.11 views

Malicious code in ts-numbering (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa4527431d4606a2360de6e24717f43f7053fc7d94f2f57ac5278a5676f06b4d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:58 a.m.8 views

MAL-2026-6013 Malicious code in @mastra/cursor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a20d5cfabc08a156c36f4febc9204bc1303600106f54ae320b9bfcac7967ca7f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/16 12:5 a.m.9 views

MAL-2026-5851 Malicious code in epm-service-module-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fd918cea189b1bc56c3747261e190b331708c8dc3e799d144e95c33c0ebe3c0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References5
OSV
OSV
added 2026/06/11 1:54 p.m.12 views

MAL-2026-5665 Malicious code in @visma-net-platform/module-navigator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d9c86b2942a6a62e08900c1c60743e4cec865cc0a439db8d8e6a0509d187b6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/10 2:15 p.m.13 views

MAL-2026-5504 Malicious code in @easytipsportal/pos-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b3beea7d832b4efd2ebc9c3a8eb2ffe1507564985414f7cf399abbd8fc55bc6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/10 1:55 p.m.9 views

MAL-2026-5508 Malicious code in martinez-polygon-clipping-simul-dalton (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc17081752344fc57ebe6468de5909582aa81fb2957e605ee81aa46252150a0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 1:34 p.m.14 views

Malicious code in solc-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db07dc6d910303b81dcfab09279484fcfa83409addff755a29d58b1d0dff495 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 11:36 a.m.11 views

Malicious code in csc154-internall-depend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 468d4fe797c3be3e29ea6da37c1b04112162bd349f7aea270cdbc4ba929d945d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/05 10:26 a.m.13 views

MAL-2026-5268 Malicious code in ulid-os (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e3976f115506c13c7fae459afc6ad381e64043c4b8ca394a115763baa3d182c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/01 12:3 p.m.14 views

MAL-2026-5110 Malicious code in jingmeideshishi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe45a0c6c68a7c9bff9135ecd725baea4558380b10e02e2ed1670f20146d6633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 8:26 a.m.17 views

Malicious code in @antoncallahan/aws-user-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Rows per page
Query Builder