Lucene search
K

3524 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in tipsen-last (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8dda277dd82e1c50906cff18341bb76485eed33ba42d39b228c447514e4081f package.json declares its only runtime dependency "safe-chain-test" as a direct tarball URL on hoped-twice-evaluation-site.trycloudflare.com — an...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden229 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 348ad89821b1ea36a325bc8f2e570b3a74e3a6238381106746bc31146c743fec The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden228 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b15ded0c14059932e82f8e56f2b6d6fb13ebe2da3b51d3e17e048044e9266716 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added yesterday3 views

MAL-2026-10282 Malicious code in acidic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef3583eb4d5b190d763cd784f5a40cb2cddaa8f1b6cd81b8a663bb612b51bb7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in acidic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef3583eb4d5b190d763cd784f5a40cb2cddaa8f1b6cd81b8a663bb612b51bb7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in abuden23 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a3dd35665bdd420f175b6b522ef75b800e178d26b62971b55b20891e5663c0c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in nottuff18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b37399115949eb936a5e60cb1e4bc150431211adb4c62ea0bb2ad7120bf5c39 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in ishowfeet11 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35ad3f426377de0f1898ef51d148062669bd91d3cbae08ffe620af8514fde41e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ratelimitsucks9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c5a4a441bf00f2d9dd64e778e4c796779d0a4a216b92bcaee66d8012d4ce255 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ratelimitsucks1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2908fa35f3ab37dd9e5b137580117e8be746c328b74934d3a5f04d8ce805149b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in sixseven6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fce7a5f40c9f40116627ed8a771d60c34786bc52648e39e0741fe392ed0120b The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in backupsitetuff10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8062677ad6aa536c8e4582df43db6251e78e0cd2a0e4c36348a997bc28b06d5b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in backup3-ff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a32646e3ad3e35186f8344c19ccdecfd69c26e8047fc44b77c0516b644fd094 The npm package [email protected] ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in thebigyahu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb60a0e719514988070d96c3cedea8d918edccef68203afe3cda86635c607de The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in lowkeybored (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44a98aa46273662e37d16a9ce5fd2e003ae747c89301cbd03b1ba52bdbe81fca The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago10 views

Malicious code in nodemon-sudo (npm)

The npm package nodemon-sudo is a typosquat of the popular nodemon package: its package.json description "Simple monitor script for use during development of a Node.js app.", main entry ./lib/nodemon, and forged author field Remy Sharp, the real maintainer of nodemon are copied from the legitimat...

6.5AI score
Exploits0References4
OSV
OSV
added 6 days ago6 views

MAL-2026-6967 Malicious code in nam-os-a-man (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a483a2ae78f1f6f7d3d4da1ab74cc189f29564e002299f09c19e0d3eb41e40aa The package declares a postinstall hook that runs index.js on npm install. index.js collects the installer's OS username os.userInfo.username, hostna...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added last week11 views

Malicious code in whs4_nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added last week9 views

Malicious code in wsh4_npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b6c0b02642cf1c4c0fe420fd03c0c129c21a544144878df4833373da1b98aab On npm install, the package's postinstall hook scripts.postinstall: node index.js auto-executes index.js, which builds a payload containing the...

5.9AI score
Exploits0References2
OSV
OSV
added last week8 views

MAL-2026-6939 Malicious code in polytrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bb6b9a4e70c868e150f06160b187915bcdeb6c9c8f95095af4766dde92f96c5 [email protected] advertises itself as a Polymarket API SDK, but the exported getPlugin function in index.js issues an HTTP request to...

6.2AI score
Exploits0References2
Rows per page
Query Builder