Lucene search
K

316 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in cursed-ecto-d3ab00 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49348969de68b56d680a46f67f817053621fa41a5220d8cd0bc1da720e77a5a1 The package has no legitimate functionality index.js is an empty module and exists solely to run an install-time attack payload. All four lifecycle...

6AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in crypto-promiser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25594e7865a7525aebefd2f1fcc8060f144bf202b1986875e1cfd95564f66e88 [email protected] is a typosquat of the legitimate crypto-promise package that ships a dropper in its lifecycle scripts. The declared postinstall...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in searchresults (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d5453a0b1576ed8880071cda901607e79f25378700d3f999ab2c9715e00635 [email protected] is a high-version dependency-confusion squat on the generic name 'searchresults'. package.json declares preinstall and...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in zod-pino444 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 560c3d47344d4da5dffac230236b5248d2f1856c221ffac7ff72d4e3b197957b Package [email protected] is a credential/secret harvester disguised behind a benign-sounding name. scripts/postinstall-agent.mjs is a...

6AI score
Exploits0References5
OSV
OSV
added 6 days ago11 views

MAL-2026-6757 Malicious code in vps-maintenance-paperclip-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3 package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 8:37 p.m.8 views

Malicious code in polymarket-trading-developer-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30ffc35841039a7a95d8b5590db211f34b662975513f3a054b8be282f0858c99 The package's postinstall lifecycle script performs install-time remote code execution. It reads a bundle URL from a JSON config hosted at...

6.4AI score
Exploits0References2
OSV
OSV
added 2026/06/30 12:0 a.m.3 views

MAL-2026-6690 Malicious code in log-taker1 (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. log-taker1 embeds a full infostealer 2800 lines directly in index.js, executed at install time via postinstall: node test.js. The payload harvests cryptocurrency wallet vaults MetaMask, Phantom, Solflare,...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/29 8:52 a.m.8 views

MAL-2026-6588 Malicious code in endpointmap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2ddbcbdd90508af14415a021644c1ab8a57e432b526425e4c5128b23f897bb endpointmap advertises itself as a REST endpoint registry but exhibits a two-package smuggle pattern. lib/registry.js exports two non-printable byte...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 8:52 a.m.10 views

Malicious code in endpointmap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2ddbcbdd90508af14415a021644c1ab8a57e432b526425e4c5128b23f897bb endpointmap advertises itself as a REST endpoint registry but exhibits a two-package smuggle pattern. lib/registry.js exports two non-printable byte...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:9 a.m.7 views

Malicious code in ledgerflow-deploy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:4 a.m.6 views

Malicious code in poly-kelly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/06/28 6:1 a.m.9 views

MAL-2026-6555 Malicious code in livekit-agents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5abf921f58c69745fee91e812853b493a282f3d42f55db38516ba54b827ea35b The unscoped npm package livekit-agents advertises itself in README as the official LiveKit Agents SDK and links to livekit.io documentation, but the...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/28 6:1 a.m.7 views

MAL-2026-6557 Malicious code in pkg-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f4ccaa9f059318782cd3b811f5bd6ea926e267e4b05dc4971d6acc6687d5d4f setup.py performs an unconditional urllib.request.urlopen at install time to a hardcoded plaintext bare-IP endpoint...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/27 9:55 a.m.10 views

MAL-2026-6547 Malicious code in react-editable-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b35fd7baa18320cbcaf6fbb6fbabb6139dd48264cd1f09d0461a8877c1f873f On npm install, the package's preinstall hook runs node dist/index.d.js. That file base64-decodes a payload which fetches JavaScript from...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 9:55 a.m.14 views

Malicious code in react-editable-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef4c5725bd98fb80c8dc59c58f68627b6a69aa4c4ae16d3f0c70c011895144cb package.json declares a preinstall hook node src/utils/index.d.js, but the published tarball's files whitelist ships only dist/, README.md, and LICEN...

6AI score
Exploits0References7
OSV
OSV
added 2026/06/27 3:48 a.m.8 views

MAL-2026-6545 Malicious code in crossmint-wallets-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/27 2:32 a.m.4 views

MAL-2026-6544 Malicious code in chai-as-persisted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 2:32 a.m.10 views

Malicious code in chai-as-persisted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/26 3:45 p.m.6 views

MAL-2026-6534 Malicious code in react-dynammic-table-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/26 3:42 p.m.10 views

MAL-2026-6527 Malicious code in @immobiliarelabs/backstage-plugin-gitlab-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096fc86987f4a25a5fb6572968e0c7309d71ed3e6ab16c239427de98c7d30ae7 The package ships a binding.gyp at the package root whose contents use GYP command-expansion syntax !... inside its targets/sources fields. npm...

6.1AI score
Exploits0References5
Rows per page
Query Builder