CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

MAL-2026-5613 Malicious code in internallib_v346 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16f3f2c0990e02417fdf7012e6531393e81f786bb16019d0efdb03c049817f90 Package name targets an internal-only namespace and ships a reverse-shell payload. index.js line 5 unconditionally invokes exec'/bin/bash -c "bash -i...

OSSF Malicious Packages•added yesterday•8 views

Malicious code in internallib_v346 (npm)

MAL-2026-5571 Malicious code in qa-handoff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4939e56124668b7d03f9e2a96dfbfedba53e24aaa5d2190e298547e724b1f851 On npm install, the package automatically executes lib/setup.js via the postinstall lifecycle hook. The script spawns a detached Node process that...

OSSF Malicious Packages•added yesterday•5 views

Malicious code in @w2d/web-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8292b80f3e692b249561a14d94d2dfa0196f2377e7eee027b8dd630d251bd1 The package targets the @w2d scope with an artificially high version 2.999.999 — the canonical dependency-confusion shape designed to outrank an...

MAL-2026-5541 Malicious code in @w2d/web-components (npm)

OSSF Malicious Packages•added yesterday•5 views

Malicious code in pocteszep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e13c609971d69e4699c85f451f163c7ab60ebb775171211fbd20d880b0ef2a2d The package's npm preinstall lifecycle script runs wget --quiet...

5.6AI score

Exploits0References7

MAL-2026-5540 Malicious code in @monitoring-lib/error-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 491603ad44ed812c3d248696b00f7d4801a4c1dc23e4f23a3bb86f2ef499616d On npm install, the preinstall lifecycle hook in package.json runs a Node one-liner that reads the installer's hostname os.hostname and username...

MAL-2026-5537 Malicious code in @entos-ems/xerxes-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5632d30e60b3bb5fc5d731458a7c2972bd356c3ec1a9e8064df135359ee4ec7b On npm install, package.json's preinstall: node index.js hook fires automatically and runs a reconnaissance beacon. index.js collects host identifier...

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in zer0onedatetool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fd05fda74bbf13c6275d4da0fa80fece821cad03fb2237ae74ed24309eab52 The postinstall lifecycle script in this package issues curl POST requests to a subdomain of oastify.com — the out-of-band callback domain operated b...

6AI score

OSSF Malicious Packages•added 2 days ago•5 views

Malicious code in @coze-common/chat-area (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89b49d08422192fa57b4739bf462f0e8b3c206b2c3cfad15578ac92dd6f47b04 This package is a dependency-confusion/namespace-squat against ByteDance's @coze-common scope. The library is hollow — index.js is module.exports = a...

OSV•added 2 days ago•4 views

MAL-2026-5533 Malicious code in @coze-common/chat-area (npm)

OSV•added 2 days ago•3 views

MAL-2026-5532 Malicious code in icinga (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...

5.7AI score

Exploits0References3

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in @helpcentre/tesco-help (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb75510e87a08a5152331461c2b2b955ad21d418c8d2055f5f66ec15e22cf042 On npm install, the postinstall hook runs node index.js, which performs an HTTPS POST to https://f1ackavab3.execute-api.eu-west-2.amazonaws.com/...

OSSF Malicious Packages•added 2 days ago•8 views

Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

OSV•added 2 days ago•5 views

Exploits0References5

MAL-2026-5522 Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in @orion-design-system/components (npm)

OSV•added 2 days ago•4 views

MAL-2026-5524 Malicious code in @orion-design-system/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4218505b74ba258cea12df713bbc27db9fa58d6660cf83e6d0c5fd8a9f68a4c2 package.json declares a preinstall script that runs on every npm install. The script uses node -e to require os and https, reads os.hostname and...

OSSF Malicious Packages•added 2 days ago•5 views

Exploits0References3

Malicious code in firefly-utilities-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cadcdda902675162dd9cfabd9d8133986723d4c956437633f36a5a07b776ef59 [email protected] ships an empty stub index.js: module.exports = ; with no description, author, or repository, but declares a single...

5.6AI score

OSV•added 2 days ago•4 views

MAL-2026-5517 Malicious code in firefly-utilities-helper (npm)

5.6AI score