Lucene search
K

185 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 15 hours ago5 views

Malicious code in eth-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51f051957ac6f91e8567df873978b45c0c81a170f94decbd735d329f312ff1bb On require, index.js schedules a 37-second delayed routine that reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd....

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in jupiter-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8e0901ca45da110106c60f288b0166fc51c348a44569d7e7ff22af3d19deafe On import jupitersdk, the package's top-level init.py fetches a payload over HTTPS from a public IPFS gateway...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in eth-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3131490d64c4ae90de2926ca90f6fce23e6a113d1e6538db5ce98ffcf06983d1 The top-level ethagent/init.py performs an outbound HTTP fetch to a hardcoded IPFS gateway URL...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago9 views

Malicious code in solidity-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30501f6602a5b5b436ef5d6224ec332fa866c9e8b9da4d0de3bc69de868b1fff soliditydev/init.py contains a large base64-encoded Linux x8664 ELF binary in PAYLOADB64. On import soliditydev, the module decodes the blob, writes ...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago17 views

Malicious code in tslint-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31b464b1646f8e2d36ce68a86af599cc49d5381f08af70302ff01f42957234a1 The package presents itself as the pino logger README, index.d.ts, docs/, and lib/ files all reference pinojs/pino but is published under the unrelat...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 5:38 p.m.20 views

Malicious code in api-rs-node (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.5AI score
Exploits0References4
OSV
OSV
added 2026/05/25 5:38 p.m.27 views

MAL-2026-4348 Malicious code in api-rs-node (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.5AI score
Exploits0References4
OSV
OSV
added 2026/05/25 12:3 p.m.16 views

MAL-2026-4350 Malicious code in clobprice.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 12:2 p.m.19 views

Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 12:2 p.m.13 views

MAL-2026-4349 Malicious code in clob.api (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
Brave Browser
Brave Browser
added 2026/05/07 4:17 a.m.14 views

Brave Desktop 1.90.121 Security Fixes

Changed IPFS gateway usage from "ipfs.io" to "inbrowser.link" for IPFS domain resolution. - Fixed broken address bar layout for narrow window widths. - Updated body-sniffing to respect "Content-Disposition: attachment" in de-AMP as reported on HackerOne by newfunction. Upgraded Chromium to...

5.8AI score
Exploits0References4Affected Software1
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.10 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.26 views

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.12 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...

7.5CVSS6.9AI score0.00349EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.12 views

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: kube-state-metrics, gitaly-fips, runc, bom, nsc, amazon-ecs-agent-fips, harbor, azure-aad-pod-identity-mic, amazon-ecs-cni-plugins-fips, kubernetes-fips, helm-push, kyverno, terraform-fips, tigera-operator-fips, flux-helm-controller, mattermost, kbld, rclone-fips,...

5.5CVSS6.2AI score0.0029EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.8 views

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: kube-state-metrics, gitaly-fips, runc, bom, nsc, amazon-ecs-agent-fips, harbor, azure-aad-pod-identity-mic, amazon-ecs-cni-plugins-fips, kubernetes-fips, helm-push, kyverno, terraform-fips, tigera-operator-fips, flux-helm-controller, mattermost, kbld, rclone-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.64 views

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: gitaly-fips, scanner-test-golang-vulnerability-fixed, crossplane-function-go-templating, tetragon-fips, nsc, go-discover, seaweedfs-operator, dcgm-exporter, goose, amazon-ecs-cni-plugins-fips, crossplane-provider-aws-route53-fips, supercronic-fips, mc,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.13 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: kube-state-metrics, gitaly-fips, mcp-grafana-fips, volume-modifier-for-k8s-fips, scanner-test-golang-vulnerability-fixed, aws-efs-csi-driver-fips, crossplane-function-go-templating, crossplane-provider-aws-s3-fips, spilo, multus-cni-fips, tetragon-fips, runc,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/07 7:50 p.m.8 views

GHSA-378J-3JFJ-8R9F vulnerabilities

Vulnerabilities for packages: k3s, ipfs-cluster, spegel...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/07 7:50 p.m.8 views

CVE-2026-35480 vulnerabilities

Vulnerabilities for packages: k3s, ipfs-cluster, spegel...

6.2CVSS6.1AI score0.00156EPSS
Exploits0
Rows per page
Query Builder