Lucene search
+L

2696 matches found

OSV
OSV
added 6 days ago3 views

MAL-2026-10296 Malicious code in bomboclatwallahi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55a7d4f08c0c79c42f9938a1c11d3d6828907fb309e582faf38065bbd04f5149 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in backup4-gasp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e42991a6cdb40d2c1dec58317f280d0a6e38ad2dfa14b1a0dfe2ac40c5dc18a The package ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote, SettingsPage that u...

6.1AI score
Exploits0References2
OSV
OSV
added 6 days ago3 views

MAL-2026-10297 Malicious code in captainindia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 733cf02dcdf94f8882c708ffcafec943cc986ee2909b6c6800ee9e34c8b8fccb The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/10 4:12 p.m.16 views

Malicious code in polygon-gama-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0e5efa9d57dae04a6082dfa776d2c2664f3ce5a838ed9cf56f40656937b7e92 polygon-gama-apis exports getPlugin, which fetches JSON from https://bet.slotgambit.com/icons/111 and passes the response field data.credits directly...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 11:17 a.m.13 views

Malicious code in qlkube (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51bbdab9d33c291290e2f871acd2ebf7bf64c2c66c5124592055669771b6301e The package's package.json declares a preinstall lifecycle script that runs curl https://cwcie03pzedo62twgbs3x6e9l0rsfk39.oastify.com on npm install...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/07/07 4:19 p.m.15 views

MAL-2026-6953 Malicious code in whs4_pnm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47d72187d8b59a9a40cb8397d064bc7319b20e19ee7d48b870432bd96952b089 The package declares a postinstall script node index.js that runs unconditionally on npm install. The script POSTs the absolute filename path which...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/07 4:19 p.m.8 views

MAL-2026-6951 Malicious code in whs4_npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47695d571fe82fbb4402e8cc7f56c05e1cb21d0bc8089ccbd8fca32f8cf5a57c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/07 4:19 p.m.7 views

MAL-2026-6950 Malicious code in whs4_nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:46 p.m.16 views

Malicious code in evm-typechain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a78b4d04410e295cbe340c95e6800a0777717d46ce136f0c30b5593d1bd9738 On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK, passes the returned JSON cookie field to new Function'require',..., a...

6.7AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:29 p.m.8 views

MAL-2026-6943 Malicious code in tx-guard-snap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fce7ebfc771355b732949df26e92e2ec8a80c0de7cda46bcb865687c33d572ff tx-guard-snap advertises itself as a real-time transaction security analysis MetaMask Snap but performs no analysis. Its onTransaction handler...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:13 p.m.14 views

Malicious code in chai-chain-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1964693dd7c2bdd9ca7ae20eb441597571b1b78a689bd97648998c6442bda99 Package impersonates the pino logger exports module.exports.pino, README uses pino badge, keywords mimic pino but its actual behavior is a remote cod...

6.3AI score
Exploits0References4
OSV
OSV
added 2026/07/07 3:13 p.m.7 views

MAL-2026-6923 Malicious code in notifier-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...

6.3AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:6 p.m.15 views

Malicious code in solana-address-codec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae The package name resembles utilities in the Solana ecosystem e.g., @solana/addresses and address codec helpers, which is a common target for typosqua...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 7:0 p.m.16 views

Malicious code in windrule-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:59 p.m.6 views

MAL-2026-6895 Malicious code in ts-bigtn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:53 p.m.3 views

MAL-2026-6841 Malicious code in jsonupper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1b0da679706ef488ebbf32e7449d3b4d79fae3bf468f5f167de3f657f75eb2a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:53 p.m.7 views

MAL-2026-6822 Malicious code in fastnodemailer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 767201ea4bfd4f0c6950f9d6fadf4f9e38c9e72e56abd975ac1b49864ffc04a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:52 p.m.11 views

Malicious code in cookie-ease (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e657448e95c84051d3c103da0e4bd744f5bc6cbbeedad66099d1ecf4681a65d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:52 p.m.10 views

MAL-2026-6812 Malicious code in cookie-ease (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e657448e95c84051d3c103da0e4bd744f5bc6cbbeedad66099d1ecf4681a65d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 3:13 p.m.11 views

Malicious code in setup-cicd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9d7d7f16320d5296fb3acf5cc61ae1cf55125c89fde6b702acd406e1516f92 Package [email protected] contains no observed behaviors matching supply-chain attack patterns. No lifecycle scripts, install-time network fetches,...

5.9AI score
Exploits0References2
Rows per page
Query Builder