Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2026/05/23 2:17 a.m.6 views

MAL-2026-4548 Malicious code in dds-js-idl-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68e8941c301603919022f1d67d311d576d5d5efcac7ed7cb0d3526cb71e829d6 On npm install, the package's postinstall.js runs whoami and reads os.hostname, os.platform, the current working directory, and CI-related environmen...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/23 2:15 a.m.6 views

Malicious code in dds-js-idl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c864bc6e21a3795faba4de876942dfffa4baed76c926d96d52c83c32d1f49f69 On npm install, postinstall.js runs whoami via execSync and collects os.hostname, os.platform, cwd, and CI/GitHub env vars, then exfiltrates them ove...

5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/23 2:15 a.m.6 views

MAL-2026-4264 Malicious code in dds-js-idl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c864bc6e21a3795faba4de876942dfffa4baed76c926d96d52c83c32d1f49f69 On npm install, postinstall.js runs whoami via execSync and collects os.hostname, os.platform, cwd, and CI/GitHub env vars, then exfiltrates them ove...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/07/02 5:32 p.m.3 views

Malicious code in dds-js (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d47ebdc1891b1fd02986098c63e73de75cf01ce8c67fc24f74ec39c86a04e866 The OpenSSF Package Analysis project identified 'dds-js' @ 2.4.0 npm ...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/01/20 7:34 a.m.5 views

Malicious code in dds-js-devkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e0db7ac7daeb916d2610c7e857e635a24cecf8264c32d39366fc297fcda631d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSVadded 2025/01/20 7:34 a.m.2 views

MAL-2025-179 Malicious code in dds-js-devkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e0db7ac7daeb916d2610c7e857e635a24cecf8264c32d39366fc297fcda631d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Rows per page
Query Builder