Lucene search
K

399 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ratelimitsucks5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1a8e8337f9df3011cf32fbc4bb478d960681df93aaaddfdec39034a123a9b5b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in @vite-ln/build-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8972bbfdd55ad200dd49b08501d7391beca99841f0c36479806f2b1e329950a2 Package @vite-ln/build-ts copies the legitimate vite package's manifest verbatim description 'Native-ESM powered web dev build tool', author 'Evan...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:34 p.m.10 views

Malicious code in nuxt-fonts-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6ede5024b6ee71356eedb3dfb3bb648682901bf6b966bbe353daff6082ecc85 Package ships only a package.json and a readme; there is no main entry, no bin, no scripts, no dependencies, and no executable code. The readme...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:53 p.m.5 views

MAL-2026-6849 Malicious code in log-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f55c4d43e953e16c7d0325948c789e0fdf1acefaca4b47ceabf199a5288e6f82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @contentprod-authoring/block-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa028931eef026447363bc2ef44ace207f4f3226de4289e354d26d730fa28186 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:32 p.m.10 views

Malicious code in bundrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f853223051c1cb68bc005b827209cb844bcde568473a9ff819fb34fccb042d74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:5 a.m.10 views

Malicious code in @mastra/agent-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ba6a41e7e43733a8334968ce740af8771208c66c7529d9f4319bd62e39601d @mastra/[email protected] declares a dependency on 'easy-day-js@^1.11.21' in package.json, but the package's own compiled code in dist/index.js nev...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:58 a.m.15 views

Malicious code in @mastra/cursor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a20d5cfabc08a156c36f4febc9204bc1303600106f54ae320b9bfcac7967ca7f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:11 a.m.13 views

Malicious code in @mastra/langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f30e29c157bf23964dd09537f5c99aeb494c21ebce16d6a33b746a576a02566b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.19 views

MAL-2026-5952 Malicious code in @mastra/langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f30e29c157bf23964dd09537f5c99aeb494c21ebce16d6a33b746a576a02566b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/12 2:32 p.m.8 views

MAL-2026-5689 Malicious code in ecto-rust-read-f3a9c1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e73d10b993d9601d0dfe78d143a550ed008b8233beb8b88b7443208e4d0fa89d On install, postinstall.js evaluates a targeting heuristic isRealTarget that fires only when the build environment looks like a real corporate...

5.5AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.12 views

Malicious code in mm-ts-utils-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f5526f66eb7799c34080dc4e5f938decfa90924772556b159a26eaa3b1c4eb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:35 a.m.18 views

Malicious code in sass-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb75afd7831272c042cd125165c2af78dff7be9be44f5a9df12382dda56934a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:16 a.m.15 views

Malicious code in tailwind-dark-mode-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05c8c711242c04547353cacb4860ee757d595ac459a6f8d7311d2c0827a6bc92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/10 3:48 p.m.8 views

MAL-2026-5516 Malicious code in tailwind-animator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9a1b7c3c3877a14abbea0abc4ee53a2d5d7207f7932141f428235c069285c0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/05/29 10:2 p.m.10 views

MAL-2026-5049 Malicious code in @lir-portal/web-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6cc9f2fe6ad0219df5db208b736cb45305b7e7062ec9d66a3316427e050989f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:3 p.m.13 views

Malicious code in @limebike/supreme-date-pickers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c82e94fac384ea6891e5aea99635ab429663e321502acbbc9eaaf81864e0d5e On npm install, both preinstall and postinstall hooks execute index.js, which collects the installer's hostname, all non-internal network interface I...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/12 4:38 a.m.10 views

MAL-2026-3585 Malicious code in @uipath/vertical-solutions-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76957e857334423d0c1f4100218bb5856183968cc9475481adecdf97eac57796 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 4:28 a.m.11 views

Malicious code in @uipath/resources-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 740339e7d1f42f7f163cbe965322c0e9438ae7efd05a29fbd4cc161e6fe5a5f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/12 12:18 a.m.11 views

MAL-2026-3441 Malicious code in @squawk/fix-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 624b956af551986dc49e0004c6e0c804f3b48f57216b63bb5784c9c236e866da The package @squawk/fix-data was found to contain malicious code. Source: ghsa-malware b47010b41e9098203e9d382c36292a5bfa3c32741fbc916a9a9935f9975fc8...

5.8AI score
Exploits0References6
Rows per page
Query Builder