
1820 matches found

OSSF Malicious Packages
added 2 hours ago, 3 views

Malicious code in yelp-react-component-chaos (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 888a90bd95ca140a3cc5946c0f1a7bf5b52f04ac2f7732722de7db72ec409801 The OpenSSF Package Analysis project identified 'yelp-react-component-chaos' @ 8.14.5 npm as malicious. It is considered malicious because: - Th...

Exploits: 0
OSSF Malicious Packages
added 2 days ago, 7 views

Malicious code in quickwinston (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 304b4e430bff604f20121bc97398fa6ee18a25c16187d31b6553248bc54e63c7 The OpenSSF Package Analysis project identified 'quickwinston' @ 3.19.3 npm as malicious. It is considered malicious because: - The package...

5.5 AI score
Exploits: 0
OSV
added 2 days ago, 3 views

MAL-2026-5366 Malicious code in zer0one-dnslog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 61ff41f8e8f8f87ab7d1d60d8bed288957cbfa3352dfc6478b12f628c93c51c9 The OpenSSF Package Analysis project identified 'zer0one-dnslog' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

5.5 AI score
Exploits: 0
OSSF Malicious Packages
added 3 days ago, 4 views

Malicious code in @solana-labs/web3-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 99d2ea7302fd72532bbe21dd885a0c456599e7fb1e8055977e35ae563236e530 The OpenSSF Package Analysis project identified '@solana-labs/web3-js' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...

5.5 AI score
Exploits: 0
OSV
added 3 days ago, 2 views

MAL-2026-5363 Malicious code in @solana-labs/web3-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 99d2ea7302fd72532bbe21dd885a0c456599e7fb1e8055977e35ae563236e530 The OpenSSF Package Analysis project identified '@solana-labs/web3-js' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...

5.5 AI score
Exploits: 0
OSV
added 3 days ago, 3 views

MAL-2026-5362 Malicious code in @solana-labs/etherjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f3c9e260b3ed97dca42969f7b7836399ce071c4708cffd473bd6b3cf62925401 The OpenSSF Package Analysis project identified '@solana-labs/etherjs' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...

5.5 AI score
Exploits: 0
OSV
added 6 days ago, 8 views

MAL-2026-5188 Malicious code in hello244a (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3d7e9578338cca22e41d1ac1345136162b5441eb57090bb89fbc73bd37976c71 The OpenSSF Package Analysis project identified 'hello244a' @ 1.0.4 npm as malicious. It is considered malicious because: - The package...

5.8 AI score
Exploits: 0
OSV
added 2026/06/02 4:30 p.m., 7 views

MAL-2026-5168 Malicious code in vg-interaction-model (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261 The OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 npm as malicious. It is considered malicious because: - The...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/06/01 6:30 p.m., 10 views

Malicious code in align_rest_api (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a3b4fd5fe3e581dc76f4fbe187da4427e159ff73a717a99c2f519af87ca7b2c8 The OpenSSF Package Analysis project identified 'align_rest_api' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The packa...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/05/28 2:25 p.m., 14 views

Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/05/27 4:45 a.m., 9 views

Malicious code in editorial-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...

5.8 AI score
Exploits: 0
OSV
added 2026/05/27 4:45 a.m., 4 views

MAL-2026-4830 Malicious code in editorial-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d7404afc131a113ef01d7eb896439a8719bb0f1b8d67e491d53321fdd5981e97 The OpenSSF Package Analysis project identified 'editorial-code' @ 99.0.1 npm as malicious. It is considered malicious because: - The package...

5.8 AI score
Exploits: 0
OSV
added 2026/05/27 4:35 a.m., 5 views

MAL-2026-4832 Malicious code in mse-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a953627a77037de50d82384daca1d98d101c4c09b315ab91fd597a43557fbd99 The OpenSSF Package Analysis project identified 'mse-authentication' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/05/27 4:35 a.m., 8 views

Malicious code in mse-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a953627a77037de50d82384daca1d98d101c4c09b315ab91fd597a43557fbd99 The OpenSSF Package Analysis project identified 'mse-authentication' @ 99.0.1 npm as malicious. It is considered malicious because: - The packag...

5.8 AI score
Exploits: 0
OSV
added 2026/05/27 4:25 a.m., 4 views

MAL-2026-4831 Malicious code in editorial-mse-authentication-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a97fd474e8661c575287f7cc9fddd0ee1ac95240c13653555ca2b416e895b99a The OpenSSF Package Analysis project identified 'editorial-mse-authentication-ui' @ 99.0.1 npm as malicious. It is considered malicious because:...

5.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/05/25 6:12 p.m., 8 views

Malicious code in @databus-service-ui/ui-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b82b3af71dce087a185cffa6f3691ad5a4e4c3d9e35154070ef4ad0dd4f15b10 scripts/postinstall.js performs two install-time attacks against any machine that runs npm install. 1 Credential exfiltration: it iterates process.en...

6.4 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/05/25 5:31 p.m., 10 views

Malicious code in verify-mycommand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f94ffb54a2471d0cc94ce1ea88f741e034221a374f17bfadbd609cb22f14f24 On npm install, postinstall.js executes whoami and id, collects host identity hostname, platform, cwd and CI metadata CI, GITHUB_REPOSITORY, NODE_ENV...

5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/05/24 7:40 p.m., 5 views

MAL-2026-4289 Malicious code in @stockrepublic/republic-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...

5.8 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/05/24 7:40 p.m., 8 views

Malicious code in @stockrepublic/republic-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...

5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/05/24 6:38 p.m., 6 views

MAL-2026-4290 Malicious code in clipboard-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...

5.8 AI score
Exploits: 0, References: 4