Lucene search
K

34 matches found

OSV
OSV
added 2026/06/09 6:3 p.m.12 views

MAL-2026-5461 Malicious code in fhirproxy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 405cf847121f4bfed32bc5679a40b64c1338b142af75823ef9583944a7ae7b5a On npm install via the prepare lifecycle hook and many other lifecycle aliases and on require, index.js performs broad reconnaissance and exfiltratio...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/06/06 9:0 p.m.15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.10 views

Malicious code in node-env-resolver-vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebb20ec41cd318dc4b8958df0ddc5c86e5fede7c4ee3c7ced1439aad3e943b97 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
Snyk
Snyk
added 2025/09/17 9:47 p.m.3 views

Embedded Malicious Code

Overview @basic-ui-components-stc/basic-ui-components is a starter project for building a standalone Web Component using Stencil Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secre...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.3 views

Embedded Malicious Code

Overview @nativescript-community/perms is an unified permissions API for NativeScript on iOS and Android. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's...

9.8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.3 views

Embedded Malicious Code

Overview @ctrl/react-adsense is an Adsense component for react Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Rows per page
Query Builder