Lucene search
K

54 matches found

OSV
OSV
added 2026/05/26 1:0 a.m.12 views

MAL-2026-4566 Malicious code in fpjson-lang (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38aca097f261c15ef9901f259883679e2d4308d6e4053099643c8befe9a14318 package.json declares "preinstall": "./bin/install-deps", causing npm to execute a 954KB packed Linux ELF binary on every install. The package...

6.3AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:59 a.m.15 views

Malicious code in aonote (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df30872a579b6ce2419993ff9bad621f42347097dd43551a26583223e6a98a7b package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976KB UPX-packed Linux x86-64 ELF sha256 36abd242... shipped ...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/26 12:59 a.m.12 views

MAL-2026-4715 Malicious code in weavedb-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...

5.8AI score
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/25 3:34 p.m.96 views

Exploit for Embedded Malicious Code in Tanstack Tanstack\/Arktype-Adapter

Simulasi Supply Chain Attack — CVE-2026-45321 TanStack Ed...

9.6CVSS7.7AI score0.02342EPSS
Exploits3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:15 p.m.11 views

Malicious code in banana-stand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab14273a518e66f357d229806e82cb2f4ce211cae4bc5de0f2d15eeab67fb720 On npm install, the package's install lifecycle hook runs node index.js, which loads lib/core.js. That module reads os.userInfo.username, os.hostname...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 4:16 a.m.8 views

MAL-2026-4493 Malicious code in axiosqqq (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9cf5bc7a896b21f9af923c60b9283758bf46d4fb279f752a42bae43bb6006aa Package name axiosqqq is a 3-character-suffix typosquat of axios and ships axios's verbatim source, README, and CHANGELOG to impersonate the legitima...

6AI score
Exploits0References4
OSV
OSV
added 2026/05/20 1:56 a.m.9 views

MAL-2026-4651 Malicious code in pulse-axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c64dad53e23f7fcba3813e9ae6caee3f9461f5e52194165da668e5332e78bb99 [email protected] declares a postinstall hook node./lib/core/eval.js that on npm install issues fetch'http://localhost:3000/download/data', reads th...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/14 7:25 p.m.20 views

MAL-2026-3751 Malicious code in cache-poisoning-pwn-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dacd21af4f62dd3183bfc4126d1cbcf18600a1c72301b7ae8ca401ec7e44f94e The package's postinstall hook node -e "try require'./dist/postinstall.js'; catche " loads dist/postinstall.js, which bundles a poisoned is-number...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/05 3:14 p.m.8 views

MAL-2026-3342 Malicious code in runtime-readout (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db23da97c424ee374983aaaa3b955d423abe32f91c024f372142dc234ae522d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/03 8:23 p.m.7 views

MAL-2026-3250 Malicious code in rostilesolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
OSV
OSV
added 2026/04/11 8:20 a.m.5 views

MAL-2026-2549 Malicious code in python-aickerso (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1d7d33d48c083d0e17d3a3698d815f66dffb070f743e030278059a558c5e6fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/04/07 9:41 a.m.5 views

MAL-2026-2503 Malicious code in genesis-1p-tools-rpm-bundle (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d7a13386739eb38301be183f8fafa0281beef0adc59037619ca870c2b075cd58 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 4:21 p.m.7 views

Malicious code in pacbot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 77976a83e69cb239c03d7d5f13eefeaa61eaae708c066a584609d8b7d8a932bd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/25 6:54 a.m.8 views

MAL-2026-2185 Malicious code in hy-api-utilities (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e47cae7d998d465d8ad1e4944051a42ee3cbf939476004154800628a94b828f3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/25 5:5 a.m.9 views

MAL-2026-2171 Malicious code in globally (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1f2d16dd9f9dc8f8c54504946e96b931fab9f6c893012e17b0c03dd531c49f5b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/25 5:5 a.m.10 views

MAL-2026-2172 Malicious code in v2-8-3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b90faec9a57b74163b9282007ed27f9602abf0d5307115928eb4ca75d98f8c72 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/24 10:21 p.m.11 views

MAL-2026-2145 Malicious code in compose-rl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d7bb3250324aea46c0121883650a393aeee3569ba3a3a8f202530bdc523a5735 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/08 4:29 p.m.5 views

MAL-2026-1286 Malicious code in demozecosse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/03/08 2:52 p.m.5 views

MAL-2026-1284 Malicious code in demozecosso (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ca3839025ccad67334436cff10b99fc2c407515ed2d9a4e146d11b253b356c8a Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/02/10 7:14 p.m.6 views

MAL-2026-843 Malicious code in requests-core-plugin (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f7d809caa4cb4961377b3c02a06f90ce19136a36297191248a8c6cd289a809f2 During installation, package loads obfuscated code that then downloads and starts an executable. The final executable is identified as malware and appears to...

5.8AI score
Exploits0References2
Rows per page
Query Builder