Lucene search
K

1769 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/27 4:45 a.m.9 views

Malicious code in editorial-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/27 4:45 a.m.4 views

MAL-2026-4830 Malicious code in editorial-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/27 4:35 a.m.6 views

MAL-2026-4832 Malicious code in mse-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a953627a77037de50d82384daca1d98d101c4c09b315ab91fd597a43557fbd99 The OpenSSF Package Analysis project identified 'mse-authentication' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/27 4:25 a.m.4 views

MAL-2026-4831 Malicious code in editorial-mse-authentication-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a97fd474e8661c575287f7cc9fddd0ee1ac95240c13653555ca2b416e895b99a The OpenSSF Package Analysis project identified 'editorial-mse-authentication-ui' @ 99.0.1 npm as malicious. It is considered malicious because:...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:12 p.m.8 views

Malicious code in @databus-service-ui/ui-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b82b3af71dce087a185cffa6f3691ad5a4e4c3d9e35154070ef4ad0dd4f15b10 scripts/postinstall.js performs two install-time attacks against any machine that runs npm install. 1 Credential exfiltration: it iterates process.en...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 5:31 p.m.10 views

Malicious code in verify-mycommand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f94ffb54a2471d0cc94ce1ea88f741e034221a374f17bfadbd609cb22f14f24 On npm install, postinstall.js executes whoami and id, collects host identity hostname, platform, cwd and CI metadata CI, GITHUBREPOSITORY, NODEENV...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 7:40 p.m.8 views

Malicious code in @stockrepublic/republic-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/24 7:40 p.m.5 views

MAL-2026-4289 Malicious code in @stockrepublic/republic-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 6:38 p.m.8 views

Malicious code in clipboard-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/24 6:38 p.m.6 views

MAL-2026-4290 Malicious code in clipboard-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/24 11:5 a.m.8 views

MAL-2026-4274 Malicious code in power-apps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f68653eed66e7343973bc919788864990337f7645072d32a9d7465d4bf4ff4e7 On npm install, postinstall.js executes whoami, id, and reads os.hostname, os.platform, process.cwd, and CI/GitHub environment variables, then sends...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/23 5:52 p.m.6 views

MAL-2026-4267 Malicious code in @newline53/newline-ts-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 475a7ac4130ef9c168565439f8cac230fce87b1d59bc116caec6c712f3a5dc60 On npm install, the postinstall hook node install.js collects os.hostname and os.userInfo.username along with the package name, encodes them as a DNS...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 3:56 p.m.8 views

Malicious code in discovery-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24a1e59b8c5d3ae1059499825bf47d1abe8d362ddefe264f1a429ed9e7e98cc package.json declares scripts.postinstall=node postinstall.js, which executes unconditionally on npm install. The script collects host identifiers...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/23 3:56 p.m.5 views

MAL-2026-4266 Malicious code in discovery-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24a1e59b8c5d3ae1059499825bf47d1abe8d362ddefe264f1a429ed9e7e98cc package.json declares scripts.postinstall=node postinstall.js, which executes unconditionally on npm install. The script collects host identifiers...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 2:52 p.m.8 views

Malicious code in @asavie/i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d803002ee95ea92bdcb3a918e1be10930816db383ce2a58a6947afea84e04040 @asavie/[email protected] is a dependency-confusion package targeting an unclaimed npm scope. Its package.json declares a preinstall hook that runs node...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/23 2:52 p.m.5 views

MAL-2026-4265 Malicious code in @asavie/i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d803002ee95ea92bdcb3a918e1be10930816db383ce2a58a6947afea84e04040 @asavie/[email protected] is a dependency-confusion package targeting an unclaimed npm scope. Its package.json declares a preinstall hook that runs node...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 2:15 a.m.6 views

Malicious code in dds-js-idl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c864bc6e21a3795faba4de876942dfffa4baed76c926d96d52c83c32d1f49f69 On npm install, postinstall.js runs whoami via execSync and collects os.hostname, os.platform, cwd, and CI/GitHub env vars, then exfiltrates them ove...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/23 2:15 a.m.6 views

MAL-2026-4264 Malicious code in dds-js-idl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c864bc6e21a3795faba4de876942dfffa4baed76c926d96d52c83c32d1f49f69 On npm install, postinstall.js runs whoami via execSync and collects os.hostname, os.platform, cwd, and CI/GitHub env vars, then exfiltrates them ove...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 6:52 p.m.8 views

Malicious code in @jaggle/resizeobserves (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fe4b050d79ecfc702c9222cf3347e49d4530efd23a2120ee040ef32e0a76e4f Package name impersonates the popular @juggle/resize-observer j→j substitution and pluralized 'resizeobserves' and the README is copied verbatim from...

5.8AI score
Exploits0References19
OSV
OSV
added 2026/05/21 6:52 p.m.6 views

MAL-2026-4288 Malicious code in @jaggle/resizeobserves (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fe4b050d79ecfc702c9222cf3347e49d4530efd23a2120ee040ef32e0a76e4f Package name impersonates the popular @juggle/resize-observer j→j substitution and pluralized 'resizeobserves' and the README is copied verbatim from...

5.8AI score
Exploits0References19
Rows per page
Query Builder