152 matches found
Malicious code in yarn2nix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 926aa0eee20951e4172e721ccd2f312b8bf8b7f4618dd28b4f54cde9acdc76d8 The OpenSSF Package Analysis project identified 'yarn2nix' @ 1.3.4 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10546 Malicious code in sa11y-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6d5bafaebfdac1f978717befc53c254b49402446987a1ab641393d3aa341bd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10543 Malicious code in nordic-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d092883ffa5f152a8f2a83ea9b516dc1228960983868316a9dd74fd197f6b43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10474 Malicious code in verifypoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c595859885b469030e044b6604a0e533f4f5508c8ef28c96da2319428bfc600f The OpenSSF Package Analysis project identified 'verifypoc' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in evernote-thrift (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0cafc1fbe5d3aca2d0d736873649060e6c9dce551db713b3d91723a78f9a2f22 The OpenSSF Package Analysis project identified 'evernote-thrift' @ 1.4.8 npm as malicious. It is considered malicious because: - The package...
MAL-2024-10308 Malicious code in vpsnet-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a6306e16dc768df2420085aa5f4943c50eb1d96ddd9040f840df1b8f7b256b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10241 Malicious code in youreallydontwantthispackage2131 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8bca93b1825c930118e85cc054305e6aef120080f8cc68233467eb6ee7b3ff1d Installing the package attempts to exfiltrate GCP tokens. As it uses random names and/or targets specific accounts, it's most probably a pentest. --- Categor...
MAL-2024-9305 Malicious code in ts-calling-test-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0db756d26a3007b10201297415dfaa2cf6315b37f9ef0b88fa32feac6aaf42bd The OpenSSF Package Analysis project identified 'ts-calling-test-app' @ 1.999.0 npm as malicious. It is considered malicious because: - The...
Malicious code in cloudflare-docs-starlight (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cc416353baa88972c0106ceb1b2fa7077b9cfbcd687be15e44c70ee5edc0c526 The OpenSSF Package Analysis project identified 'cloudflare-docs-starlight' @ 1.1.1 npm as malicious. It is considered malicious because: - The...
Malicious code in gui-timbuctoo-emlo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 51bc1fd493706f789fb72e128dba57e378ccd77ed131e6820d8d5cd2dbbb4bc9 The OpenSSF Package Analysis project identified 'gui-timbuctoo-emlo' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-8849 Malicious code in video.min (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1b2a0713372942343830cd53ad3ad5ffe4dcf7e827523510ef79e32b38f67db3 The OpenSSF Package Analysis project identified 'video.min' @ 1.0.22 npm as malicious. It is considered malicious because: - The package...
Malicious code in proto-google-cloud-dlp-v2beta1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d21bb408ed0e178e23e5b4face7188968fd711ea7ceab009b9d04e6a508740d Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
MAL-2024-8731 Malicious code in @ep-mobile/icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8898d3fb5c1fead4de584f7a8099d3df0886074a50f328df051524976dda9be2 The OpenSSF Package Analysis project identified '@ep-mobile/icons' @ 99.99.99 npm as malicious. It is considered malicious because: - The packag...
MAL-2024-7855 Malicious code in psh-hydra-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7e602e73e004aedbd93e2617bee443de236f268346b5b57bd42fcd32669825fd The OpenSSF Package Analysis project identified 'psh-hydra-sdk' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2024-7843 Malicious code in hlwgirl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 70e129077e409b307127c9a7e24115d3838f7a8748b65fcc22df02cf79af94e7 The OpenSSF Package Analysis project identified 'hlwgirl' @ 1.99.2 npm as malicious. It is considered malicious because: - The package...
MAL-2024-7828 Malicious code in pkl-vscode (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36b102f69e16083459cf07d2c10dfa74f8921dd7e8eda6686d1ded62b468de73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in some-random-package-33 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 56e2adbf4dfb01600fc7df2c4a270d862b1b575c7040142ae070c7bf990d671e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in cugraph-dgl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6c1f145fd51ee7737cb44e28b07d4ec3bfe53f4a8aac51d0b8bce58ef8bd71f7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in atlassian-plugins-jquery (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fa70e76a995c21512e5537f8ba45c8143816593a98f504f5ac88ad3e752d9eaa The OpenSSF Package Analysis project identified 'atlassian-plugins-jquery' @ 0.0.0-dev npm as malicious. It is considered malicious because: - T...
Malicious code in cx-api-client-lite (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 315d3186e692fd6934de0d66c25255e03eb763a15daa0785e92e58a2abbbba60 The OpenSSF Package Analysis project identified 'cx-api-client-lite' @ 200.0.1 npm as malicious. It is considered malicious because: - The packa...