Lucene search
K

39 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago9 views

Malicious code in @luminarycloudinternal/frodo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/29 6:12 a.m.17 views

MAL-2026-6582 Malicious code in openai-agents-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 768ddf82a7644f1678a27f3037c8a3fc4fae5f00b6181d6507a49892d20a7fda On npm install, scripts/postinstall.js automatically reads a broad set of installer-side identity and cloud-configuration files — /.gitconfig and the...

6.1AI score
Exploits0References26
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:51 a.m.9 views

Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References24
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:21 a.m.10 views

Malicious code in @epic-common/observability-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73d7457ccefffe2de1f0464f21ac2eadfb981be593d2b34ceb0d5cde1174da0b Package targets the private @epic-common scope Epic Games and is published to the public npm registry as a dependency-confusion vehicle. On import of...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/29 4:21 a.m.6 views

MAL-2026-6562 Malicious code in @epic-common/observability-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73d7457ccefffe2de1f0464f21ac2eadfb981be593d2b34ceb0d5cde1174da0b Package targets the private @epic-common scope Epic Games and is published to the public npm registry as a dependency-confusion vehicle. On import of...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/27 3:48 a.m.9 views

MAL-2026-6545 Malicious code in crossmint-wallets-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/17 10:23 p.m.6 views

MAL-2026-6087 Malicious code in uol-simple-api-futebol (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 962c38ed6ec061ce6a530aeea5a960dfc2b75caec56f7a1bc648f6b6cb655271 The package's only documented function, getJogos default export, unconditionally invokes an internal helper named prepareCacheMatchs which POSTs the...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:41 a.m.11 views

Malicious code in runtime-metrics-w7k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/15 4:22 p.m.10 views

MAL-2026-5794 Malicious code in neural-network-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...

5.4AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:54 p.m.13 views

Malicious code in nativescript-swisspost-imagepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:10 p.m.14 views

Malicious code in ing-feat-itsme-oidc-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 175d0dba1f70bc84bcd4e29b57e0f7831248582614cd146af7d1ea6d1d057cd5 On npm install, package.json's preinstall hook executes poc.js, which collects os.hostname, os.userInfo.username, process.cwd, and process.platform,...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/15 3:10 p.m.11 views

MAL-2026-5780 Malicious code in ing-feat-itsme-oidc-authentication (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 175d0dba1f70bc84bcd4e29b57e0f7831248582614cd146af7d1ea6d1d057cd5 On npm install, package.json's preinstall hook executes poc.js, which collects os.hostname, os.userInfo.username, process.cwd, and process.platform,...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/14 7:21 a.m.14 views

MAL-2026-5764 Malicious code in sys-info-cli-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1423c435a0e9e86338dd64d138fb1697580751ade2b7486880e21785e1b3eb47 The package's collect.js gathers host identifiers os.hostname, os.homedir along with filesystem and childprocess introspection and POSTs them to a...

5.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:17 a.m.20 views

Malicious code in ai-sdk-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413 [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide '. On npm install,...

5.9AI score
Exploits0References26
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:34 p.m.13 views

Malicious code in mcp-server-redis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c94a122c1dd231888bc72b52cbef5dbdd793d2680f7e7e36385bd06e07dc20fd Package claims the unscoped name mcp-server-redis to intercept npx mcp-server-redis invocations intended for the legitimate MCP Redis server ecosyste...

5.3AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:34 p.m.11 views

MAL-2026-5482 Malicious code in mcp-server-redis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c94a122c1dd231888bc72b52cbef5dbdd793d2680f7e7e36385bd06e07dc20fd Package claims the unscoped name mcp-server-redis to intercept npx mcp-server-redis invocations intended for the legitimate MCP Redis server ecosyste...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:33 p.m.18 views

MAL-2026-5485 Malicious code in mcp-server-supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8 Package squats the unscoped name mcp-server-supabase to intercept npx mcp-server-supabase invocations intended for the official scoped Supabase Model...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 3:27 p.m.20 views

Malicious code in loadtest-browser-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 934a61b207f82f8549de09139a73a80f47746bba1dacd21f657d34e6e542324e On npm install, the package's preinstall hook executes index.js, which collects host identifiers hostname, username, platform, arch, cwd, pid,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 2:15 p.m.12 views

Malicious code in walmart-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6bfb508fa412e49b249eaf5529f175ebb14f0e7d9fe19a119e8cc9acf25505a Package declares preinstall: node poc.js, which on npm install collects host identity os.hostname, whoami/id, ipconfig/ip a output, scrapes environme...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 2:15 p.m.8 views

MAL-2026-4685 Malicious code in tempo-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6790e6e83af71238b9773ae49568f5374d094d23d1a7247ef4560d645ef64024 The package contains a file poc.js that imports os, https, fs, and childprocess; collects host identifiers including os.hostname, os.platform, and th...

5.9AI score
Exploits0References1
Rows per page
Query Builder