Lucene search
K

2693 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in abuden220 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5db7640be1dad05b49efcd772335edd1d23af2473f60abc8104719377761f272 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in abuden226 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a4986d9e75be69083a7905e5ef5e4558e17fe8b9f15777a9cd692c882b9d6b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in abuden28 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a58dd1a008e23641f5373b4593347947fb72a1a199e2354ffe75c79af4066d98 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in abuden230 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2234aab0cda39685bbdd725de23c50e6e6b78ca85d8ae3c48dc0577287406f65 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in abuden214 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bdbebaa72ae71aae5482f3726a6be11649402b33365104e2fbf39f1db624137 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago3 views

Malicious code in nottuff13 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fcdb937c07c7ec8c87b884a8410166890165c5e9554397ed5ebcb1a5e58cf7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago3 views

Malicious code in nottuff12 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector beeb7a0cb302b59468d0c8e75f4eac559afebefdf4526e4ed0832ab6ffc738ad The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago3 views

Malicious code in nottuff24 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98d91c65c2ae847d5e741575bbc60ac69c0d2aca4973888c6ce2fc85daac3e30 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in nottuff29 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074e027c282713fdcd142d97a0a6b07a661db091f58be50fd7fb9dfa724b968f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in ishowfeet14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d5ea096e484eab34ce84d950ffdad898264b0bc86deff68a6a48ec857a126fb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in abuden25 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f03c9f736be5719a51f9b5cf2a256ab6d2a295f1fb79b7a937932f658d2e268 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in ishowfeet4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8772abfff8be97e21dacda47b1a535bea90b6793740846a30308d75c3b2f655b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in speed2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47ee5a1e5570a63d86ae75e5eaa2bf0553516a6796d51c0f7479796470f34708 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago3 views

Malicious code in speed3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b80af0db1256f63f83fad514fe6b535d6af57513431058efc38136dddd18022 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in ratelimitsucks3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a45b50938677bb4c4bcdeee48af3fd57a8204d48d6aff16a1351ae814491391 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in miguelphonk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c26ae2a9608c5a861f096563a0ef1171cb898403537612739792024abcc2ff The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-10296 Malicious code in bomboclatwallahi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55a7d4f08c0c79c42f9938a1c11d3d6828907fb309e582faf38065bbd04f5149 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in backup4-gasp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e42991a6cdb40d2c1dec58317f280d0a6e38ad2dfa14b1a0dfe2ac40c5dc18a The package ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote, SettingsPage that u...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-10297 Malicious code in captainindia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 733cf02dcdf94f8882c708ffcafec943cc986ee2909b6c6800ee9e34c8b8fccb The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder