Lucene search
K

8 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 10:27 p.m.16 views

Malicious code in hbsig (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96b3a65aade5ea74ab5761d7ad3a332834594752f34fdb69a095efe59a681c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/04 10:27 p.m.12 views

MAL-2026-5189 Malicious code in arjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00290c05e0c41a8f51d38c629ade5b3fe76f2a89302db8daac669b0c80d13197 package.json declares "preinstall": "./.github/scripts/precheck", which on npm install executes a 976KB UPX-packed Linux ELF binary shipped under...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 10:27 p.m.17 views

Malicious code in weavedb-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a352d761eba6aa71b41fc09bb621d3f04e8c7c0e74487392a7c69e77719426b9 No concrete indicators of installer-side harm were identified in this version of weavedb-contracts. No lifecycle scripts, network beacons, credential...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/04 10:27 p.m.12 views

MAL-2026-5194 Malicious code in yaml-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d83c3b506a10b770a8c1f98d280262478cccc65708bb1066a72e0708dccaaf75 This malicious package is part the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinsta...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 10:27 p.m.16 views

Malicious code in javascript-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d83c3b506a10b770a8c1f98d280262478cccc65708bb1066a72e0708dccaaf75 This malicious package is part the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinsta...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/04 10:27 p.m.13 views

MAL-2026-5190 Malicious code in hbsig (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/04 10:27 p.m.10 views

MAL-2026-5192 Malicious code in weavedb-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/04 10:27 p.m.12 views

MAL-2026-5193 Malicious code in javascript-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d83c3b506a10b770a8c1f98d280262478cccc65708bb1066a72e0708dccaaf75 This malicious package is part the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinsta...

5.8AI score
Exploits0References2
Rows per page
Query Builder