Lucene search
K

3308 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 6 hours ago2 views

Malicious code in promo-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1a88c879a569b51180b134bd442917610efba2cfc54aa980cb3ec3b4731e84c No concrete evidence of installer-side harm was identified for this package version. There are no indicators of credential theft, environment scrapin...

6.2AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 14 hours ago4 views

Malicious code in rony-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be1a5728b472335e46d1df74becaf6355424f1f32d068bb517c079d88cacc03c The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo.username, hostname...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in whs4_npm_test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68d797ee3c8111cffee8603aa24625cb71a7f958438e33207b33376b260acc59 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in shopify-internel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb1d4e4e70cff6efbfec48cbf205e071c73a70003863e2293dbf7035547f560 Package name 'shopify-internel' is a one-character misspelling of 'shopify-internal' and appears to squat on the Shopify namespace. The tarball...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in notifier-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba547b66886d76bff74f9c797b08f614eb5eb799359a28d0cdeb35dd1a0458ff The package's main entry index.js exposes a middleware factory aliased as pino/default that, on first invocation, spawns a detached, unref'd node...

6.7AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-6862 Malicious code in pino-pretty-logs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7864fcfe92b62b2ddc003e696cbe02d18e0979f4336bff4cc9352f318b260fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago3 views

Malicious code in next-bignumber.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 615f1e472f3fec95854738e64a4e4883676d514db833ca3bfa7a1008c0253a57 Package impersonates the widely-used bn.js crypto library: README, repository URL, logo, and source files are copied verbatim from indutny/bn.js, but...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 5:49 a.m.6 views

Malicious code in easy-time-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20b7b165f80957e2b2c8484fe6a51c4c4354727dadd36a51c39265f58e916935 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.9 views

Malicious code in data-fetching-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 913d882d66d587abb1d6fe92b8b6d7353c1b4ae79fb175cc3f10b606dd5f8457 Package self-identifies in its package.json description as a bug-bounty dependency-confusion proof-of-concept against an internal package name of the...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.8 views

Malicious code in @su-doughnym/hubspot-loginui-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72fa1e159f93bb8a1336dc48fe329f3a7801ebf56a49620ce67fd013ea8995ae Package is openly labeled a dependency-confusion proof-of-concept and uses a high version number 99.99.99 consistent with that intent. The preinstall...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/24 3:31 p.m.22 views

MAL-2026-6399 Malicious code in normalize-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:38 p.m.7 views

Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/19 8:8 a.m.10 views

MAL-2026-6202 Malicious code in ethereum-gas-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7303c828115a527d477ea14684b3015e43fdcd36a7fa94041c16ccb3c2fbcfcc index.js line 144 contains require'chai-assert-kit' appended after the module's normal exports, with no other reference to chai-assert-kit anywhere i...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 6:32 p.m.8 views

Malicious code in @mastra/loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5225485064c54423eac85ed05753c97466d46c15d9b59dbe48193b115f538b3b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 11:10 a.m.8 views

Malicious code in @mastra/mem0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0103dbf66edb7ceb716e244ea15e4a68e439052d93646cb1107c780e79620541 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:8 a.m.7 views

Malicious code in @mastra/gcs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 722de440c55cc50c4576818745c16ee5105f7cf4c61295943a07826b22be9387 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:7 a.m.7 views

Malicious code in @mastra/voice-aws-nova-sonic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c109adf5a77f9ace07bb1f5ec93cd8d3464bf675b7a93abc5fdfd64669f0c75 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.8 views

Malicious code in @mastra/daytona (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f6f64aaa3f1a7153a8a1bcb09d5f37bf46cbd5855c6fbf2a2b07bdec3ff9d6b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.7 views

Malicious code in @mastra/stagehand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0705d4d586f3c6d9899944e40be408bf7a454e7f62ed811cb4ee5778d707f43 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:0 a.m.6 views

Malicious code in @mastra/docker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a207ac447f34657bb3cf28f05850031dc57ccb5a9b1082e792a7e420ef0fbc0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
Rows per page
Query Builder