CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 6 days ago•5 views

Malicious code in pkg-telemetry-r4f9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine childprocess, os, and http modules to collect...

5.5AI score

OSV•added 6 days ago•5 views

MAL-2026-5990 Malicious code in pkg-telemetry-r4f9 (npm)

OSSF Malicious Packages•added 6 days ago•4 views

Malicious code in runtime-metrics-w7k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...

OSV•added 6 days ago•3 views

MAL-2026-5992 Malicious code in runtime-metrics-w7k2 (npm)

OSSF Malicious Packages•added 6 days ago•4 views

Malicious code in npm-sandbox-ping-r9t2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335649d395a44d7de1bc6343dbce1f0459414ef92ab149413a86b47e28f3c7c3 package.json declares a postinstall hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon14.js,...

OSSF Malicious Packages•added 2026/06/16 7:37 a.m.•9 views

Malicious code in datacamp-light (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 234a0d37873455b7db32068745d93ed29aafa596877b39949280b4ec0621ad6b datacamp-light 99.0.0 impersonates DataCamp's internal package name='datacamp-light', author='DataCamp',...

OSSF Malicious Packages•added 2026/06/16 4:24 a.m.•9 views

Malicious code in @ts-internal/shared-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7afc836ea4b9ecc7e09f0add976470f1b4e253f8b5b53b3ce706889efb349171 The package squats the internal-looking scope @ts-internal/shared-lib on the public npm registry and runs a network beacon both during install...

OSSF Malicious Packages•added 2026/06/15 6:26 p.m.•5 views

Malicious code in cardano-addresses-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d99ae2a620ac8a3db31cde344d6d1e46914f785b3d5f4b8debdb20d64fa9c75 package.json declares a preinstall hook node index.js that runs automatically on npm install. index.js collects host identifiers os.hostname,...

5.3AI score

OSV•added 2026/06/15 6:26 p.m.•3 views

MAL-2026-5802 Malicious code in cardano-addresses-docs (npm)

OSV•added 2026/06/15 5:40 p.m.•7 views

MAL-2026-5814 Malicious code in intel-ai-safety-explainer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7561bb0b816a4521b6de43bce01afa55516a7201b6daa7696de4924623557f90 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/06/15 5:39 p.m.•6 views

Malicious code in merino-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61117d9c074586912421f9fe2104b792a0eb2a359dd1c6e9c8548bc2aa299dd0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/06/15 5:39 p.m.•5 views

MAL-2026-5817 Malicious code in merino-common (PyPI)

OSV•added 2026/06/15 5:39 p.m.•4 views

MAL-2026-5820 Malicious code in node-scraper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 52aa9bb0c23cd9126412a9477da59431309521a78dd65e807b7dd198367d0a83 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/06/15 5:39 p.m.•9 views

Malicious code in dispatch-internal-plugins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5993e79eab55ecc24ada6a4bce88f580c958499d51d0d7472e74aad904648964 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/06/15 5:39 p.m.•7 views

MAL-2026-5810 Malicious code in dispatch-internal-plugins (PyPI)

OSV•added 2026/06/15 5:39 p.m.•6 views

MAL-2026-5816 Malicious code in llvm-aie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aaaa9db3b2677afec4eb708297d457bc71941d74c73e2276e2a2fa81835f8bc3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/06/15 5:38 p.m.•8 views

MAL-2026-5811 Malicious code in gigl-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 28903f76bed2e89a18c9c276d62c95bb089a091020f89f35f7d2800ef6a3bce3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/06/15 5:38 p.m.•6 views

MAL-2026-5809 Malicious code in databricks-tools-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ecf172545ef84f1fcbeeae028a55d2bb570d68a3356a26526269e267f184a10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...