Lucene search
K

2656 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in polygon-gama-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0e5efa9d57dae04a6082dfa776d2c2664f3ce5a838ed9cf56f40656937b7e92 polygon-gama-apis exports getPlugin, which fetches JSON from https://bet.slotgambit.com/icons/111 and passes the response field data.credits directly...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in qlkube (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51bbdab9d33c291290e2f871acd2ebf7bf64c2c66c5124592055669771b6301e The package's package.json declares a preinstall lifecycle script that runs curl https://cwcie03pzedo62twgbs3x6e9l0rsfk39.oastify.com on npm install...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in evm-typechain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a78b4d04410e295cbe340c95e6800a0777717d46ce136f0c30b5593d1bd9738 On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK, passes the returned JSON cookie field to new Function'require',..., a...

6.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in chai-chain-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1964693dd7c2bdd9ca7ae20eb441597571b1b78a689bd97648998c6442bda99 Package impersonates the pino logger exports module.exports.pino, README uses pino badge, keywords mimic pino but its actual behavior is a remote cod...

6.3AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in solana-address-codec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae The package name resembles utilities in the Solana ecosystem e.g., @solana/addresses and address codec helpers, which is a common target for typosqua...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in windrule-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in cookie-ease (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e657448e95c84051d3c103da0e4bd744f5bc6cbbeedad66099d1ecf4681a65d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 3:13 p.m.10 views

Malicious code in setup-cicd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9d7d7f16320d5296fb3acf5cc61ae1cf55125c89fde6b702acd406e1516f92 Package [email protected] contains no observed behaviors matching supply-chain attack patterns. No lifecycle scripts, install-time network fetches,...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @meego-progressive/cdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a7205f38cfc6908e42b221ffcaf5118f3ef9891d4b1cc7c0798411cc7b0b349 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:33 p.m.10 views

Malicious code in clx-cookieparser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29b7ab13cd76393ea58b540ccf13b4ab4660edb4fac210d86a67e51b45fa1d0c Package ships a verbatim copy of the Express 'cookie-parser' middleware under a different name 'clx-cookieparser' and declares a repository field...

6AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:27 p.m.7 views

Malicious code in parket-flow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9b185a1b54e41a8fb900a67aab43dbb78abc4fea96e9ca05d356f6864e3bdd index.js imports childprocess and invokes execSync with bash and zsh shells index.js line 1, 301, 317. Without traced execution context it is not...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:7 a.m.7 views

Malicious code in @mastra/voice-deepgram (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c6269a96366ca5cb804b7078f3eb2d0306ac86335922e3b00a17db6426024c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:57 a.m.8 views

Malicious code in @mastra/couchbase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 693f6ba494800c38ce77ad49fa5d74745125fc4d3bb68c047ea96032580b7a93 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 11:54 a.m.12 views

Malicious code in ioredis-os (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 387bee0d123eeed248b8be6281784b88d2a3385943a3f696541c1ce48b1c817a ioredis-os appends -os to the widely-used ioredis package name and ships what appears to be a verbatim fork of ioredis same author, same upstream...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:9 a.m.15 views

Malicious code in fabric-graphics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a0e1c67eb156113685783efe75a2bd26718f6dcb5b63ece1f47ec01098f71fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/16 12:5 a.m.11 views

MAL-2026-5853 Malicious code in sp-api-dev-assistant-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41506fcb0f329d1b260c8aea68fe27eb7b648576521da211f366dc49459bc388 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/11 12:36 p.m.11 views

MAL-2026-5650 Malicious code in ozone-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a208d054d164fa8fb82cafe470c99be244c6a911aed15ecf2f1546bc10cbbc32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:35 a.m.18 views

Malicious code in typeorm-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 12:10 p.m.15 views

Malicious code in @solana-launchpad/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f311ca65e1dd4812e0b9812be713108a676a6f25c8d48443ab93a97133447b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/09 2:17 p.m.9 views

MAL-2026-5379 Malicious code in @doaction/storage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2555ac1fb49d2dac0108e398a6acffa2bffa1a86326db5fa384ed1232fdab89 Package @doaction/[email protected] is shaped as a dependency-confusion attack against the private-looking @doaction scope. The 99.99.99 sentinel...

5.5AI score
Exploits0References3
Rows per page
Query Builder