Lucene search
+L

649 matches found

ossf
ossf
added yesterday6 views

Malicious code in @hkyyy/portal-widget-helper-0601 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72e27d8bfbf5b9bfefe661d642be934399a38031c1bee028a20ed3282e0f482 The package has no real functionality — index.js only exports ok: true — and its sole effect is to run a postinstall reconnaissance script...

6.1AI score
Exploits0References2
ossf
ossf
added 3 days ago6 views

Malicious code in nottuff9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c6210eaca44901153bc909ce8f071e22124821bb4f3faaad1c2e9fb1189f46c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 3 days ago6 views

Malicious code in imillegal2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a225f0551d1cfdc2da755da6241bc992376b5beddd6bc0895ea816391556e985 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
osv
osv
added 3 days ago3 views

MAL-2026-10361 Malicious code in omglucidesotuff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d144d98f0e90909ee371acfeeec0ad2ffe44450335ddf7f7a58f71a53dc7b107 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
ossf
ossf
added 3 days ago6 views

Malicious code in bomboclatwallahi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55a7d4f08c0c79c42f9938a1c11d3d6828907fb309e582faf38065bbd04f5149 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/08 8:26 a.m.12 views

Malicious code in na-rony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...

6AI score
Exploits0References5
osv
osv
added 2026/07/08 8:26 a.m.8 views

MAL-2026-6964 Malicious code in na-rony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...

6.2AI score
Exploits0References5
ossf
ossf
added 2026/07/07 3:34 p.m.10 views

Malicious code in annotator-harvardx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e60352f3188693c150a75a0c785e9398fd12270a4cd481c3bcb411993beffbbd The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
osv
osv
added 2026/07/07 12:0 a.m.9 views

MAL-2026-6947 Malicious code in paperclip-host-utils (npm)

The package 'paperclip-host-utils' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, vps-adapter-cor...

6.2AI score
Exploits0References9
osv
osv
added 2026/07/06 6:58 p.m.9 views

MAL-2026-6884 Malicious code in syncora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fad6a402b2081c7bd35f082e81588979985d9e4b458e0a34794e50f4acc14fd7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/06 6:54 p.m.3 views

MAL-2026-6855 Malicious code in next-bignumber.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 615f1e472f3fec95854738e64a4e4883676d514db833ca3bfa7a1008c0253a57 Package impersonates the widely-used bn.js crypto library: README, repository URL, logo, and source files are copied verbatim from indutny/bn.js, but...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/06 6:53 p.m.5 views

MAL-2026-6852 Malicious code in metrica-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a0ee3435b3bf0949e63f6770b91c6bb1e2d7912054dc1cb9382e3eae20c84ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
ossf
ossf
added 2026/07/06 6:53 p.m.8 views

Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...

6.3AI score
Exploits0References3
ossf
ossf
added 2026/06/30 2:10 p.m.7 views

Malicious code in rs-biginteger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...

6.2AI score
Exploits0References3
osv
osv
added 2026/06/29 4:53 p.m.6 views

MAL-2026-6609 Malicious code in @contentprod-authoring/block-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa028931eef026447363bc2ef44ace207f4f3226de4289e354d26d730fa28186 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/06/24 1:17 a.m.11 views

Malicious code in vscode-test-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c62d19484eeb938a92dfdcc6cbce9dba47e390676774254b0dc318702a214418 Package occupies the unscoped npm name vscode-test-web, a likely-misreference target for the legitimate @vscode/test-web scoped package. On require,...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/23 6:10 a.m.9 views

MAL-2026-6277 Malicious code in search-from-search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e2e600c7cba50d7cc3cbff52a18f77e508ec66be3a50cd4960f84771598548 package.json registers node callback.js as both preinstall and postinstall, so the payload runs automatically on npm install. callback.js collects th...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/17 4:58 a.m.10 views

Malicious code in @mastra/deployer-cloudflare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 134b341a4308b5afd16ffa8eaf1c28befc1ebbd10303579f674eba8c480ba0b0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
ossf
ossf
added 2026/06/17 4:58 a.m.8 views

Malicious code in @mastra/deployer-vercel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51c995bee89c27de9fc067df60d17baac74e4fec7f1682bc606694bb6f09848c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
osv
osv
added 2026/06/17 4:57 a.m.7 views

MAL-2026-6042 Malicious code in @mastra/vectorize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3388ddbcdb1a37e8cb864a2b4b8b7b6a1c7b3dcd00735a6f962f56432a9b0ab The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder