CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 5 days ago•9 views

Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

5.8AI score

Exploits0References14

OSSF Malicious Packages•added last week•9 views

Malicious code in tailwind-animator-scroll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f89c3c4c01375bc7baef213c815a901ac3947eaf3835aa80ea67a725ece8d533 The package's main entry src/index.js appends, after a large whitespace gap following the legitimate-looking Tailwind plugin code, an...

5.6AI score

OSV•added 2026/05/27 1:54 a.m.•6 views

MAL-2026-4829 Malicious code in quatres (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0d720315dd49970cfc00c39f4e377485b2746a4fc24f42dec7e79d0749ab9a7d During import, the hidden code downloads and executes the second-stage code. After performing anti-analysis checks, it downloads a malicious executable and...

OSSF Malicious Packages•added 2026/05/19 6:39 p.m.•7 views

Exploits0References2

Malicious code in alya-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473103f2220a0215abf49be7e46ec1748052935ce188e0eee6ded08af7b47cf1 alya-baileys is a fork of the Baileys WhatsApp library that adds a hidden, remotely-controlled action channel against the installer's authenticated...

5.8AI score

Exploits0References8

OSV•added 2026/05/13 5:52 a.m.•3 views

MAL-2026-3638 Malicious code in openai-spellcheckers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 195e6ac284c1a3e97b7683250a5514ed89d903819d2a3c97987782d4725e0e9f Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSSF Malicious Packages•added 2026/05/12 6:21 p.m.•9 views

Malicious code in ai-spellcheckers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 205425d7a8407b8bed958a99660e2ec74e21f9b0e1427659529636347333c5c9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSSF Malicious Packages•added 2026/05/11 5:23 p.m.•9 views

Malicious code in openai-spellchecker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 13911c4c1e0334b4e4d972e3b3256a08f8991d3935d74086c252ed085d3984a0 The package hides code to download and execute a next-stage payload, which then communicates with C2 and listens for next code parts. In the analyzed version,...

OSV•added 2026/05/07 8:7 p.m.•5 views

MAL-2026-3371 Malicious code in pycacheopt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf50eae305079227b5283e08547cc201f941624c95e49460c3e6544cdd1e221b The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the...

OSSF Malicious Packages•added 2026/03/12 3:25 p.m.•5 views

Exploits0References2

Malicious code in collecters (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c17c6bb947662d942c27cdf7ca9572536ea97f7864070648eb417277cad2e71e Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSV•added 2026/03/12 3:25 p.m.•1 views

MAL-2026-1371 Malicious code in collecters (PyPI)

6.1AI score

OSSF Malicious Packages•added 2026/03/11 12:41 p.m.•5 views

Malicious code in collectables (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e007c43e26edb912325f1478ec6cd5cd838b5d7e5ae62beedd3baa02638b3dc4 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSV•added 2026/03/11 12:41 p.m.•3 views

MAL-2026-1342 Malicious code in collectables (PyPI)

6.1AI score

OSSF Malicious Packages•added 2026/03/11 10:17 a.m.•5 views

Malicious code in collects (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fc7f98d0c4c092f4eb4a73240f8c7a5df90717853ee408fefa9eeb09a41d2cae Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSV•added 2026/03/06 11:35 a.m.•15 views

MAL-2026-1261 Malicious code in fastapi-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8e414a858711540d25b63ced50114d396e150157b65a70056beccc38948a4199 The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...

OSV•added 2026/03/06 11:34 a.m.•3 views

MAL-2026-1262 Malicious code in fastapis-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69baeb910fc47c2e92e2a25cb1db7b5148b4773d193f15aecef4d708f69b1f6d The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...

OSSF Malicious Packages•added 2026/03/06 11:34 a.m.•8 views

Malicious code in fastapis-requests (PyPI)

OSSF Malicious Packages•added 2026/02/20 6:59 a.m.•10 views

Malicious code in printrables (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 062cd723b198a3d0af641a78b343642653fb80f4cbf527be765bb4e520cbd3ed Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

OSV•added 2026/02/20 6:59 a.m.•5 views

MAL-2026-951 Malicious code in printrables (PyPI)

OSSF Malicious Packages•added 2026/02/11 10:4 a.m.•4 views

Malicious code in tablixs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 46731b2531e50115b70ae49abbd4bd1abb55f364a4cc2d8234c749f750883359 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...