Lucene search
K

10 matches found

OSV
OSV
added 2026/06/09 7:50 a.m.10 views

MAL-2026-5349 Malicious code in @demica/core (npm)

Dep-confusion squat of internal @demica/core at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913; "authorized benign canary" framing does NOT downgrade, raw-IP...

5.4AI score
Exploits0References3
OSV
OSV
added 2026/03/24 12:48 p.m.9 views

MAL-2026-2126 Malicious code in agoda-dep-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa0bc71a76133f8ba2469aab72a42ed605c22eaf6a3816754f5dff2cb21fa87 The package agoda-dep-confusion was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 12:48 p.m.15 views

Malicious code in agoda-dep-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa0bc71a76133f8ba2469aab72a42ed605c22eaf6a3816754f5dff2cb21fa87 The package agoda-dep-confusion was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/24 12:48 p.m.6 views

Malicious Package

Overview agoda-dep-confusion is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/10 11:59 a.m.2 views

Malicious code in dep-confusion-poc-monke (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd5eadc84c6eaa4f7eb92319cac88bbe0057e1eb86646846287104d5d7d8f9c0 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/19 11:11 a.m.3 views

Malicious code in dep-confusion-tester (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a02b1736028edc558aec7dae01fc23a8b183b0eb84ec65f6d97cad92f85d2083 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/12/19 11:11 a.m.1 views

MAL-2024-11964 Malicious code in dep-confusion-tester (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a02b1736028edc558aec7dae01fc23a8b183b0eb84ec65f6d97cad92f85d2083 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/01/10 10:56 a.m.2 views

Malicious code in dep_confusion_test123 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95f5bc391a39cd114fa8cbec14792e02dbc7fdc132c33d675e5fe104568d81d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:18 p.m.4 views

Malicious code in bananabr-dep-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ec06c86d512781fc859918aefcfea7b20724e0b9334bc986a9547be543ae678 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:18 p.m.9 views

MAL-2022-1456 Malicious code in bananabr-dep-confusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ec06c86d512781fc859918aefcfea7b20724e0b9334bc986a9547be543ae678 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder