Lucene search
K

3324 matches found

OSV
OSV
added 2026/06/24 3:31 p.m.22 views

MAL-2026-6399 Malicious code in normalize-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:23 a.m.7 views

Malicious code in multer-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b4df9cf15644bbea3ed944cbf168fdbad1619d0c3e10fff653b0d48c10bbb3 Package name 'multer-express' is similar to the widely used 'multer' middleware for Express. No malicious code patterns, install-time hooks, or...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:38 p.m.9 views

Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.9 views

Malicious code in new-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47f6e9bcab53d95265012a31a4dcfc1485ed6db858e788e68ac2ac1ebc33fc34 index.js imports childprocess and contains execSync calls invoking bash and zsh around lines 301 and 317. Without traced execution context, it is not...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/19 8:8 a.m.11 views

MAL-2026-6202 Malicious code in ethereum-gas-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7303c828115a527d477ea14684b3015e43fdcd36a7fa94041c16ccb3c2fbcfcc index.js line 144 contains require'chai-assert-kit' appended after the module's normal exports, with no other reference to chai-assert-kit anywhere i...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 4:5 a.m.14 views

Malicious code in intquery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf4fe75f735c39be9ffe01686f69fd519c1408dd3473bb833506e1948fbc74a7 [email protected] is published under the name 'intquery' by 'Stagnation Lab', but its README is a verbatim copy of the unrelated project ts-logger-pack...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 3:27 a.m.11 views

Malicious code in data-utils-d703 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e172168e5ac500d10ae42718a87676ad44a589b31dbeb5f902ea7fb1c4e6a984 The package declares a postinstall lifecycle hook "postinstall": "node run.js" in package.json that executes run.js automatically on install. run.js...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 6:32 p.m.12 views

Malicious code in @mastra/loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5225485064c54423eac85ed05753c97466d46c15d9b59dbe48193b115f538b3b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 1:4 p.m.13 views

Malicious code in sodel-pych (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d67bcaf42f4ef050a6b824dfbc2f711d6820f7b3b1140d211110f390e512fa The package ships several files whose names and contents suggest a non-trivial install-time and runtime footprint: a postinstall script...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 11:10 a.m.8 views

Malicious code in @mastra/mem0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0103dbf66edb7ceb716e244ea15e4a68e439052d93646cb1107c780e79620541 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:8 a.m.9 views

Malicious code in @mastra/gcs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 722de440c55cc50c4576818745c16ee5105f7cf4c61295943a07826b22be9387 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:7 a.m.8 views

Malicious code in @mastra/voice-aws-nova-sonic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c109adf5a77f9ace07bb1f5ec93cd8d3464bf675b7a93abc5fdfd64669f0c75 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.9 views

Malicious code in @mastra/daytona (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f6f64aaa3f1a7153a8a1bcb09d5f37bf46cbd5855c6fbf2a2b07bdec3ff9d6b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.8 views

Malicious code in @mastra/stagehand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0705d4d586f3c6d9899944e40be408bf7a454e7f62ed811cb4ee5778d707f43 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:0 a.m.11 views

Malicious code in @mastra/docker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a207ac447f34657bb3cf28f05850031dc57ccb5a9b1082e792a7e420ef0fbc0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:58 a.m.8 views

Malicious code in @mastra/claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43c60df59e1fa51bbf7a5f6737d2c362f205589d70025f426f1004859168b1fe The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:57 a.m.6 views

MAL-2026-6010 Malicious code in @mastra/convex (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acae13d27edf4e66aa693ee00ce3df3eb508a09c9bf7a9b934a9d3804653f3ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:57 a.m.10 views

Malicious code in @mastra/qdrant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d56b9276df2c5f66da957d7e30e4ed702cba5053f80e1a9f715b016b2e66a043 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:57 a.m.9 views

MAL-2026-6009 Malicious code in @mastra/cloudflare-d1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b90c0979e73c015971950dfb03979edacfce9b04f146f9b118092118bab6d83a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/17 4:57 a.m.5 views

MAL-2026-5999 Malicious code in @mastra/auth-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0fbe96c59a0cfac17ddbee22541fc2ba13a1ef82c91d75bc4b202c66aec4e4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
Rows per page
Query Builder