
7 matches found

OSV
added 2026/06/06 6:13 a.m., 10 views

MAL-2026-5295 Malicious code in coolbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...

5.7 AI score
Exploits 0, References 6
OSSF Malicious Packages
added 2026/06/01 12:0 a.m., 12 views

Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9 AI score
Exploits 0, References 1
OSV
added 2026/05/19 12:0 a.m., 8 views

MAL-2026-3938 Malicious code in @antv/g-plugin-canvaskit-renderer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits 0, References 4
OSV
added 2025/11/25 12:16 a.m., 3 views

MAL-2025-191356 Malicious code in @voiceflow/natural-language-commander (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcffcb39c546d02117506c26844a1fddcedc61f18cd934b27642817c62189437 The package @voiceflow/natural-language-commander was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits 0, References 4
Veracode
added 2025/09/22 8:6 a.m., 8 views

Information Disclosure

nx is vulnerable to Information Disclosure. The vulnerability is due to malicious package versions containing code that scans the file system and collects credentials, which allows an attacker to exfiltrate sensitive data by posting it to GitHub under the victim’s account...

5.3 AI score
Exploits 0
OSV
added 2025/09/16 5:5 p.m., 3 views

MAL-2025-47389 Malicious code in @nativescript-community/ui-material-bottom-navigation (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c1599f8fe4dad02bc9f083f9d6c3af166818ba3a80e2bb13c37a4052f581b81c This package was compromised by the Shai-Hulud NPM worm. The malicious payload steal...

7.2 AI score
Exploits 0, References 5
OSV
added 2025/09/16 5:5 p.m., 2 views

MAL-2025-47380 Malicious code in @art-ws/openapi (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95bf1ca6cf44627c0e79bccad94ab171021ece601814ac65cc70d055d925a3f0 Any computer that has this package installed or running should be considered fully compromised. All...

7.1 AI score
Exploits 0, References 6