Lucene search
K

7 matches found

OSV
OSV
added 2026/06/11 7:24 a.m.10 views

MAL-2026-5604 Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/10 6:37 p.m.10 views

MAL-2026-5525 Malicious code in @solana-labs/web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91b0523027116b3981b0f1dfe925f01d8956eb19817aae6ea7d0022d5357fba4 Package @solana-labs/web3.js impersonates the legitimate @solana/web3.js and re-exports it as cover while running a malicious postinstall node...

5.5AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 5:11 p.m.13 views

Malicious code in requests-toolbelt-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/05/26 6:21 a.m.20 views

MAL-2026-4781 Malicious code in unique-id-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab3b19e4bd1602de93ca092a5909f8b69927c01d5a690d3484116024dfc46e2 Package impersonates the well-known sindresorhus/unique-string utility: package.json copies the author block name 'Sindre Sorhus', email...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 3:12 p.m.14 views

Malicious code in vue-compiler-sfc-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9 Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 6:24 p.m.13 views

Malicious code in ethers-wallet-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6dae6dc459fa2ef437e532af4b27b6c50360a40cdb9d91563d25a48bae88cec Package name impersonates the official @ethersproject/wallet, and package.json spoofs the ethers.js maintainer identity author 'Richard Moore '. The...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 11:54 p.m.12 views

Malicious code in @tailwind-core/vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f9a00740b85c3ce7b36a9ba242f3eccc9ebf3d4f626ab911342c50d63b48805 The package name @tailwind-core/vite impersonates the official @tailwindcss/vite plugin from tailwindlabs, and its package.json declares three...

5.8AI score
Exploits0References1
Rows per page
Query Builder