152 matches found
MAL-2024-136 Malicious code in librct (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1f5f02ff35835e34a22c3e1381a0888b755d52334e14e61160dff3b9ec4e08b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in test-devoxx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 94d087127b055251bef2c40e4c884c82c7f4e39f4631fa5995116fb9b1d65f4f The OpenSSF Package Analysis project identified 'test-devoxx' @ 0.0.2 npm as malicious. It is considered malicious because: - The package...
Malicious code in enchantv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f578b605e73b68aae8c1d8a9bd3f55b810839b2bccd720bccc7f887c2e0046c8 Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...
MAL-2023-8555 Malicious code in otnet-ory-network-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19a9ebfed32ec491b007a6c7e65f8ebae68d0acc3175b56442fa67e25fc916fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8440 Malicious code in mux-meet-nextjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a7f1d733a701939944e87966e022ec92915cd460d6293ee215e0e838ce752e77 The OpenSSF Package Analysis project identified 'mux-meet-nextjs' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in xterm-addon-clipboard (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5cf6d3796e2698ca788f0833376dcbd11460b764506f5ffb63bdd8e71262113e The OpenSSF Package Analysis project identified 'xterm-addon-clipboard' @ 6.0.7 npm as malicious. It is considered malicious because: - The...
MAL-2023-8256 Malicious code in zenfi-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9a75914f8d0929ed48294224224fab435793f654258889e4435c268b34d2ac4c The OpenSSF Package Analysis project identified 'zenfi-sdk' @ 1.5.2 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8227 Malicious code in nequi-aws-kms (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f31f502dc3ccd6a55cacb7aaeb1c7e6d18a66345ca5b79b21809095bcf232fa7 The OpenSSF Package Analysis project identified 'nequi-aws-kms' @ 0.1.6 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8226 Malicious code in company_package_my (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3f3e6351419385dd63eeaa9bdd36d22be97aa05d213effc8f93ef580e76e7226 The OpenSSF Package Analysis project identified 'companypackagemy' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...
MAL-2023-7988 Malicious code in metronome-synth-info-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e99092c601ede7db26a42e21544d65cff430ba4d36d1a76232973801b8d3fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in platon-contract (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 22347eb604c2a9b522547d6197c65f032cdeb71d4a38c8777a866fb3271869da The OpenSSF Package Analysis project identified 'platon-contract' @ 50.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in devops-challenge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ae82cf2333c3027eb9266e05dfa4697724ae1623e3b662c2b129d5f716f55aa4 The OpenSSF Package Analysis project identified 'devops-challenge' @ 99.99.990 npm as malicious. It is considered malicious because: - The packa...
Malicious code in jscrambler-dashboard-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7a31aff9b73f313c920ebbb6370e3afc3139565f139114ab47ef7859e989f418 The OpenSSF Package Analysis project identified 'jscrambler-dashboard-components' @ 9.9.9 npm as malicious. It is considered malicious because: ...
MAL-2023-1198 Malicious code in hellodependency5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis caa3595977335e1bacb314c6a0a7866651c4eea9f9eb5d3b4d6a4f7d3458a988 The OpenSSF Package Analysis project identified 'hellodependency5' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-1135 Malicious code in chegg-contentful (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0f294558304bba4da1c74169d026ebb78d4c1509bc734739942abe3860bc7390 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
Malicious code in chain00xtest3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d395f073dbbc2c8412d5341657a944edf74e11f1234dc1a97587fc4c3e6028c5 The OpenSSF Package Analysis project identified 'chain00xtest3' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in dragonsense-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b16039afbf251f78d8c6adf4bb07342e8c112167bef9e0749651dacbdaf12c26 The OpenSSF Package Analysis project identified 'dragonsense-config' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-851 Malicious code in test-op-solhint (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f8f315fe20128ae26be541522255c4eeab47ec166f70e54ca5a2c6cb533ae67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pmcrypto-v7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a3a1eb09bba631f290225217047eab8997cef64f4c0e321d47728fc9ee46f6aa The OpenSSF Package Analysis project identified 'pmcrypto-v7' @ 8.999.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-937 Malicious code in vh3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43579c54bc5b30465c06b594fae446a6677de86c30d00f9808fe280b4d2338dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...