Lucene search
K

129 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in install-skia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b665b508eeae9e0e619ed7b68e3a43248cd81d67d40a0516bbd62981ddb2359f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in imillegal2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a225f0551d1cfdc2da755da6241bc992376b5beddd6bc0895ea816391556e985 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in ratelimitsucks5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1a8e8337f9df3011cf32fbc4bb478d960681df93aaaddfdec39034a123a9b5b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/07/08 8:26 a.m.8 views

MAL-2026-6964 Malicious code in na-rony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...

6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.15 views

Malicious code in @cxp-shared/string-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2cd735ed6a2711ca0dfcb8cb4fee948afe5e923d6b56743b3fd7ee922bd8d14 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 2:9 p.m.14 views

Malicious code in vqlxjmpr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aeb63fbed71a85092bf04cb120b4d1f19a3edaa74ac1c0cb47ce36f622d0062e Package is published as a generic 'Utility library' under an opaque name vqlxjmpr with no repository or homepage, but its sole exported function...

5.5AI score
Exploits0References6
OSV
OSV
added 2026/06/10 3:48 p.m.8 views

MAL-2026-5516 Malicious code in tailwind-animator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9a1b7c3c3877a14abbea0abc4ee53a2d5d7207f7932141f428235c069285c0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 2:17 p.m.18 views

Malicious code in @doaction/rrweb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6efd52baa69926a32dbac2a3c5eb53c361935e9a3386d2893bf2d7506ab4dfea @doaction/[email protected] is a dependency-confusion / namespace-impersonation package targeting the rrweb session-recording SDK ecosystem. The...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/14 11:31 a.m.5 views

Malicious code in percy-cake-docker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf9ba1c1f0935698da1dc2d1856efe1994c5b21139eec04f6eca712e85925f2 The package percy-cake-docker was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:14 p.m.12 views

Malicious code in @b2b-portal/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a28e67919e3dfef2a8a434caec109791355b6f43d434d22bd9515f348a692c5e The package @b2b-portal/core was found to contain malicious code. Source: ghsa-malware 7a10dd57d5e27c26f36c8207faa6449838827281be33c9ecc99e025cfdea19...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/23 1:47 p.m.11 views

MAL-2026-2101 Malicious code in sidebar-basket (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd1b121a57bf0b4d96e4f902f6d051ff5b485ab7fc412f8940ce2c294ddb660 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 6:20 p.m.9 views

Malicious code in @leafnoise/mirage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 157e0e66e325f6fc597250166e5f27d4fef94ef77d3d758ab52e0df7eca85114 The package @leafnoise/mirage was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/16 3:51 p.m.8 views

MAL-2026-1476 Malicious code in jalalstealer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18913d1d0805eb9183a23aedfba3cbef762c642f82c079dd24711102fd20951e The package jalalstealer was found to contain malicious code. Source: ghsa-malware d760ddb75dc632737c4e778e0ac4db4522bd8584240834cbefe9bffa1948999c A...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/16 12:0 a.m.6 views

MAL-2026-1521 Malicious code in lit-a11y (npm)

The package 'lit-a11y' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/03/13 6:54 a.m.5 views

MAL-2026-1391 Malicious code in @dinzid04/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e75cf71f0ce959b1ec335f4481db2cc423250422c02e9bf33d40e12b6f541760 The package @dinzid04/baileys was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/12 5:14 a.m.10 views

Malicious code in mezukabil (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 116aeb117747dfbea2f28ecfaae0e59f69c1c476942bc00335519de4e68a8c84 The package mezukabil was found to contain malicious code. Source: ghsa-malware 554fc63eb509f787fc60a615d7228f13eb692391a1a1dca733d3031716dd2ff8 Any...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/02 2:22 a.m.10 views

Malicious code in bee-quarl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b90e7b3eadcb23e766223167d16f561fd64fe44ec63f6e77afefe38966da2fec The package bee-quarl was found to contain malicious code. Source: ghsa-malware 642b83461b49019b47d27820b1dbaed267f2365eecf5fc74467d02192ec662aa Any...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/02/03 5:1 a.m.6 views

MAL-2026-674 Malicious code in freedom-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4512163cbee4473b3f1fec8504df8a156ada7ac4ca90a763fb9968ba58178ade The package freedom-baileys was found to contain malicious code. Source: ghsa-malware 7c21d9105c9c9c7f67546b69fd620327c3b304280b1113d557601d49a0639cd...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/19 12:46 a.m.11 views

Malicious code in zod-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d6e0134575d22df9c8acb633e41aeb44e167203581cee75c81264667e9bdee The package zod-js was found to contain malicious code. Source: ghsa-malware df349fd5990c0cb74fcaa574f32fd30796c00bbe619ee60bd0eac1a658c7dd49 Any...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/07 2:8 a.m.4 views

MAL-2026-102 Malicious code in redis-cookie-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 509b8c9645600775859de8538bbca62aac7f273789f1b43a370c814e2a061acc The package redis-cookie-ts was found to contain malicious code. Source: ghsa-malware c3c52170c4adfaeed7862716007e61fcaa3cfc702c729b6487746c1f3184f3e...

6.8AI score
Exploits0References1
Rows per page
Query Builder