Lucene search
K

55 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.12 views

Malicious code in @doaction/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4092c28082abff16427aa0e246a327796294411786dae585fb4ab3114ad6504f @doaction/[email protected] is a dependency-confusion lure targeting an internal @doaction scope. The package.json declares "version": "99.99.99" and pi...

5.5AI score
Exploits0References3
Snyk
Snyk
added 2026/06/09 2:17 p.m.12 views

Malicious Package

Overview @doaction/types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/09 2:17 p.m.10 views

MAL-2026-5382 Malicious code in @doaction/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4092c28082abff16427aa0e246a327796294411786dae585fb4ab3114ad6504f @doaction/[email protected] is a dependency-confusion lure targeting an internal @doaction scope. The package.json declares "version": "99.99.99" and pi...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/06/09 2:17 p.m.12 views

MAL-2026-5383 Malicious code in @doaction/wasm-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118555cc138d5dbc40c11c385af69fa4c6c5caa2fc05e6b0b49c65cc69491a78 Package name and description advertise a 'WASM loader,' but the tarball ships no WebAssembly code. Instead, package.json declares "preinstall": "node...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.15 views

Malicious code in @doaction/systeminformation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b381d060615d56335f99fa3fabf87b79bea5769df31e58a0420b2e614a032783 Package @doaction/systeminformation published at version 99.99.99 has a name closely matching the widely-used systeminformation npm package and a...

5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/06/09 2:17 p.m.10 views

Malicious Package

Overview @doaction/signalhub is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/09 2:17 p.m.10 views

Malicious Package

Overview @doaction/sudo-prompt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/09 2:17 p.m.13 views

Malicious Package

Overview @doaction/storage is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.15 views

Malicious code in @doaction/storage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2555ac1fb49d2dac0108e398a6acffa2bffa1a86326db5fa384ed1232fdab89 Package @doaction/[email protected] is shaped as a dependency-confusion attack against the private-looking @doaction scope. The 99.99.99 sentinel...

5.5AI score
Exploits0References3
Snyk
Snyk
added 2026/06/09 2:17 p.m.11 views

Malicious Package

Overview @doaction/pay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/09 2:17 p.m.10 views

Malicious Package

Overview @doaction/rrweb-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.14 views

Malicious code in @doaction/pay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94ec95e460ba16497749775ca5e0bac92e4013e2297dd506bb2b99254acffaf3 @doaction/pay 9.9.9 declares "preinstall": "node scripts/postinstall.js" in package.json, which requires @doaction/shared/bin/postinstall.js and runs...

5.7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.13 views

Malicious code in @doaction/http (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0558fc0fe6ab95434c0f041b1ed88e02039379e9052dbfd3e0faf35a8e8d5d5f Package version 9.9.9 is the canonical version-pinning marker used to outrank any private package during npm dependency resolution. The package...

5.6AI score
Exploits0References3
Snyk
Snyk
added 2026/06/09 2:17 p.m.13 views

Malicious Package

Overview @doaction/examples is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/09 2:17 p.m.14 views

Malicious Package

Overview @doaction/http is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/09 2:17 p.m.9 views

Malicious Package

Overview @doaction/mapstore is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.14 views

Malicious code in @doaction/sudo-prompt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e989180180ebba42b05f086cda01159058a0a9ccca3c4beb95f3e5a31430dfe6 @doaction/sudo-prompt shares the name of the widely-used unscoped sudo-prompt package but contains none of its privilege-escalation functionality. Th...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.13 views

Malicious code in @doaction/examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361bc047872fceb7885c47404eef734b43ce8e5e7f13554e79d011be6f383339 @doaction/[email protected] declares preinstall: node scripts/postinstall.js in package.json, which requires @doaction/shared/bin/postinstall.js. The...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.15 views

Malicious code in @doaction/signalhub (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7bca1eff18553fad58ccd2097810887a61afc717b44a657c6674bfa7317bb41 @doaction/[email protected] is shaped as a dependency-confusion attack against organizations using a private @doaction scope. package.json declares...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/09 2:17 p.m.8 views

MAL-2026-5372 Malicious code in @doaction/examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361bc047872fceb7885c47404eef734b43ce8e5e7f13554e79d011be6f383339 @doaction/[email protected] declares preinstall: node scripts/postinstall.js in package.json, which requires @doaction/shared/bin/postinstall.js. The...

5.8AI score
Exploits0References3
Rows per page
Query Builder