Lucene search
K

6 matches found

OSV
OSV
added 2026/06/14 7:30 a.m.13 views

MAL-2026-5757 Malicious code in npm-sandbox-ping-c8f2a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5401a81d56283c310efebfe29af19c3e3fa331667f40adeed71a54627adc877 Package declares a postinstall hook "postinstall": "node run.js" in package.json that executes on every install. Bundled scripts beacon6.js and...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/12 9:31 p.m.14 views

MAL-2026-5719 Malicious code in ect-654321 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec784a9a1926de8d2c18de41c996e69e10f7001bf9fdc7604edc22d5775b4540 ect-654321 contains only a package.json with a preinstall lifecycle hook that unconditionally executes wget...

5.4AI score
Exploits0References8
OSV
OSV
added 2026/06/11 5:17 a.m.15 views

MAL-2026-5565 Malicious code in ai-sdk-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413 [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide '. On npm install,...

5.5AI score
Exploits0References23
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:13 p.m.13 views

Malicious code in bolt-delivery-menu-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc39247db76b4edd80084e400324518739f141dafda621d368c3e5a9ac41f791 Package executes a DNS-based beacon at both install time package.json scripts.install runs node index.js and on every require of the module...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:23 a.m.14 views

Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 7:23 a.m.9 views

MAL-2026-4481 Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

5.8AI score
Exploits0References1
Rows per page
Query Builder