Lucene search
+L

3402 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.12 views

Malicious code in @mastra/hono (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c7b04ac71f0c234ec7105176bed53c8b893cdd89fd72465733787456601d0c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.7 views

MAL-2026-5959 Malicious code in @mastra/pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a70008c61b1e4ef205086d9fbbeb0435c8cee10e414626617fec6b946d45c84 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.8 views

MAL-2026-5965 Malicious code in mastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74c4549467abc2b76f088b4684a79cb551458718b7c5d9beb8ae1af4349d02a8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/16 12:2 p.m.9 views

MAL-2026-5881 Malicious code in obfus-jsxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06ceddcf57cd9b200dd1b25fa6f9179fdbf71eb420a9211eb81b762e21a07211 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/16 11:54 a.m.7 views

MAL-2026-5882 Malicious code in redis-type-os (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f9fefcfb296b7a9b0c08dc47f628f1987d349d5b57cc9b3c5cb2ce7e331f7e4 Package is published as redis-type-os but all in-package references README, docs/, CHANGELOG, repository field, author email point to redis-om /...

6.1AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 11:44 a.m.10 views

Malicious code in nat-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab95c3f95c377215b7cbd4be6d2cdcc79304910b03a2dcdf08f65da6f1c05f4c The package ships a bundled file at dist/node/payload.js containing several POST call sites around lines 14592, 14621, 14805, 14923, 15805. Pattern...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/16 9:37 a.m.11 views

MAL-2026-5877 Malicious code in check-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea848e496c2022409208a3e4a7d9b364c9437699a15554a5a1ee953d4428f230 check-ulid is a typosquat of the legitimate ulid package README is copied verbatim, homepage and bugs link to github.com/ulid/javascript whose...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/16 6:9 a.m.8 views

MAL-2026-5872 Malicious code in pampipes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 660a84b18bd4e15af0f490d3f4bfde871b12e7912493f23d5ae7a3db10a82565 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:3 a.m.17 views

Malicious code in npmjs-doc-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e75a4fc474b58b6d7226e8448d6c909312baf7aff6e9587188cc56a2a5dface Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 12:5 a.m.14 views

Malicious code in epm-service-module-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fd918cea189b1bc56c3747261e190b331708c8dc3e799d144e95c33c0ebe3c0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:45 p.m.12 views

Malicious code in prettier_v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52d6c46e6d7e7ba0269dbb3d9725b5943d1b4b94ac2587a5738983cb93d8e1cf Package name 'prettierv2' closely resembles the widely-used 'prettier' formatter package, raising typosquat concerns. The file lib/mirror.js contains...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/15 11:33 p.m.11 views

MAL-2026-5843 Malicious code in chai-smart-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c0d75b8077d317728bd396870ad1f297ea11f7a50585421fdf2b888cf3a9f3 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 2:32 p.m.12 views

Malicious code in ecto-spirit-win-k4n8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8082c12f69dfbb45e83017fa0baf4f88f9500649dd443e80f2d7d4f858020814 The package ships a postinstall.js that imports childprocess and references HTTP GET and hostname operations. Without traced-code corroboration of ho...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/12 2:32 p.m.9 views

MAL-2026-5690 Malicious code in ecto-spectral-leak-8d4e2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 2:32 p.m.16 views

Malicious code in ecto-corsair-flag-x9m4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd1e74d04f91a92c7c0205e252bc0002095d0c1ce9b9e9390083d267422e8b10 On npm install, postinstall.js executes attacker logic gated by hostname and working-directory checks designed to fire only inside CTF-style containe...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/12 2:32 p.m.11 views

MAL-2026-5693 Malicious code in sea-bound-siren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...

5.5AI score
Exploits0References24
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.13 views

Malicious code in @sazka/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f28f82bd2ace12b57cc67c8da0f065ed544157af3148f2680ca8a36c9ef01b21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.17 views

Malicious code in @tenforce/toolbox-fontmap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc43bc0434418226ca77115c791ff0ea0031a0d314e73acfe0a62686528ceaad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 1:54 p.m.11 views

MAL-2026-5656 Malicious code in @integrations-center/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a23606af0a8ca92d6caee4fa3a9171e6268ad073eec054cb0d2835747bf7cbbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:54 p.m.16 views

Malicious code in pui-diagnostics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f05c21e14c3c230fc88a2e0513e8dcd1ba8eda06a21ee1371dd5277b4280740a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Rows per page
Query Builder