14 matches found
Malicious code in express-mocha-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d87351be0d9f68d73ec05867e55fe5712d4885fa76c70c5ec9b003ef512825 [email protected] declares a postinstall lifecycle hook that loads the package's main module, which calls fetch against an anonymous...
Malicious code in carbonite-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fec002c13bf1ef1b49658e5dc490ca30515cf414294154827adadab04cbc234 The package carbonite-internal was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2981 Malicious code in @bmg-web/bmg-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b59b2c3d1c98e7a5f4faae9549ed4f302c9273e1efeaee63e70f3013300327c2 The package @bmg-web/bmg-button was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-41375 Malicious code in cld-ai-chatbot-web (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47807a9125d00d52f4b02cf9742fdd7efd42b3b9cc93d5091594127fa5c9771c Any computer that has this package installed or running should be considered...
MAL-2025-6897 Malicious code in swiv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 945d4a5f54e77ae66588b5b64aa30eb2627903bffcb72a3031b9c4b6b2122b43 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-6957 Malicious code in somemalicious (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in talk-desktop (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
Malicious code in lyft-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bad08278af65d859072402dbc935300d4c8d6036f2f214644533c0af1b8f7b8e The OpenSSF Package Analysis project identified 'lyft-sync' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in godaddy-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fbc982202586a71e3e0e5ad119c42a6517f839d2b74320b097508397b127243a The OpenSSF Package Analysis project identified 'godaddy-sdk' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in bookingcom-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3efaad9e12b23a4ec5230344045108f961982d137157a29edb1283679f35031 The OpenSSF Package Analysis project identified 'bookingcom-tools' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in artifact-lab-3-package-b55680cd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be4896eebe0a6b7185d165cec1e593faea8a14a8b2386711ef9c08657273bb31 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
Malicious code in rtpoc1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6fec3cb3c9354af29d7edbc82703c0fe7406084014bd610bd383ee2795d324ca Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in mapsapi-area (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3a12b68cea467324465b98ad4c7ffcddb67cac55eec195215bce156b916abbda The OpenSSF Package Analysis project identified 'mapsapi-area' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in @shennong/web-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a2fd786e967b26aa2bbe8f8367eda2745ce70026f11bcc9b832e3bcb93433b58 The OpenSSF Package Analysis project identified '@shennong/web-logger' @ 25.0.1 npm as malicious. It is considered malicious because: - The...