Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

39 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/12 12:22 a.m.6 views

Malicious code in @squawk/navaids (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb4f88ca950b4d0ba1fb9666f866d8c742a9b0aeeb2657fadae9ed5dcd30359c The package @squawk/navaids was found to contain malicious code. Source: ghsa-malware 62f878f444def0ffdccd14f64cba4ee46bf960745aefb09d0c0ee16ed5ded86...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/04/13 3:25 p.m.6 views

Malicious code in etsy-advocacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954b1d4bfe5cfc54379a9fc61d30f5941755592aea62781a2a17e175d6eb38f3 The package etsy-advocacy was found to contain malicious code. Source: ghsa-malware ecd69e1f886e5959e3de00ca5b1235a1c05bef9098aab53be35030cb7b8e007b...

5.7AI score
Exploits0References1
OSV
OSVadded 2026/03/20 4:41 a.m.2 views

MAL-2026-1962 Malicious code in parsejson-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bee06fce3066f17a6400fc1800b42e5c53eeb9826bb9672cec6ad8ff65306807 The package parsejson-pro was found to contain malicious code. Source: ghsa-malware f2f105fb92bd66d0baadfb4bc605643a2eaff5cd51a4d565f82f61e4c0cb3a71...

5.7AI score
Exploits0References1
OSV
OSVadded 2026/03/16 12:0 a.m.4 views

MAL-2026-1500 Malicious code in @storylane/shared-packages (npm)

The package '@storylane/shared-packages' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/03/16 12:0 a.m.4 views

Malicious code in require-in-package (npm)

The package 'require-in-package' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSV
OSVadded 2026/02/20 4:56 p.m.3 views

MAL-2026-965 Malicious code in node-native-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc9503b92533dc98c475b75c09a1c40fcec67ad7b56c488b9677c0ff0740c4d2 The package node-native-bridge was found to contain malicious code. Source: ghsa-malware...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/01/07 11:51 p.m.6 views

Malicious code in awsm-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a8778a330765a0a4f5b15960d7bba1cf4ea76946cd4395eb239af31c497330 The package awsm-core was found to contain malicious code. Source: ghsa-malware ba13f4a6fbc556808377c1e17e991b77feb5d2d08af58861be6460732cfc3d9e Any...

6.9AI score
Exploits0References1
OSV
OSVadded 2025/12/12 6:34 a.m.3 views

MAL-2025-192565 Malicious code in sdbao-content-sems (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050ceeb8145a6cac66b0539a7be8d50c66979cd72b54055f3c49c0c40823fd6b The package sdbao-content-sems was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/11/24 10:35 p.m.4 views

Malicious code in get-them-args (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1885f72a03b5b12ad9795b819da4d8cbd92b5985848b3f9a057afd389de5a8f8 The package get-them-args was found to contain malicious code. Source: ghsa-malware d70e3f04273d02fdaa9555197354a75aba13abe81a22763a353d47db93ce9b32...

6.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/10/10 3:24 p.m.3 views

Malicious code in simple-icon-maker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8809c0049ae5c8b8cd198cb99abd3b33d600799607d44fc77777f9b0a711eb8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/10/09 5:26 a.m.5 views

Malicious code in @testcarrot/supply2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c6b1ac7e0d732e96fb12ebfc09964c4e8a5a58fb8b0a2dc11dab3fad6c78359 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSVadded 2025/10/07 2:39 a.m.1 views

MAL-2025-47953 Malicious code in oxrvxalllcaj (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c188f8718a360fffb7f5a032f1b21e428c2fc9542ab537b0acd0c602b28d3a0c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/07/02 11:57 a.m.4 views

Malicious code in bonnet-ltd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90d8066c671e4c70fdd26ffc5ac6d901d34541c2cff4aaaf2c118c977078aec4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/06/10 5:16 a.m.4 views

Malicious code in @mediawave/lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5728f228ecbe0dfd5db6afd530842107e9356201123b885d36418429c37ffbe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/05/23 1:41 a.m.6 views

Malicious code in client-authentication-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d83929fbddd1bff9fe89b82702a66c79d3e1f6f0fe19baa7379b58472005ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/01/20 7:34 a.m.3 views

Malicious code in pyroscope-oss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78530d6378099081103c13a5d340a9c8562d2c041085a8c20893adb93bdd115d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2024/10/16 11:59 p.m.4 views

Malicious code in alb-um-availa-ble-zip-mp3-file-30506-i-feel-alright-898re-atdkuh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 301aedb3c629f2045611e487e9d753ff50c0a6fc1da4ee93c01ab32ee0cff0a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2024/09/02 1:42 a.m.5 views

Malicious code in @diotoborg/temporibus-quasi-quasi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed6d62009acef17765a3724affbe0057ad69d0d74b947bc1c8614a825a71ba02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2024/09/02 1:42 a.m.4 views

Malicious code in @diotoborg/autem-nam (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b19b23c3b09fd8b6c17a6abbff64fd4c36787818abb73f7ba3b28abd91f478d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2024/08/01 6:0 a.m.4 views

Malicious code in taiwinders (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dab44b2fa45e4dc1c7966fb53989bb8c53c203f15da117a99bcab2ce4d1125c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder