Lucene search
K

12 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in vite-pwa-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bab1e251883a8eceecc27c935ed05352375d438c1efbbd8727f2b13a766409d0 Package vite-pwa-config impersonates the popular vite-plugin-pwa antfu — the README instructs users to import configJson from vite-plugin-pwa, and...

6.6AI score
Exploits0References2
OSV
OSV
added 2026/06/26 9:19 p.m.14 views

MAL-2026-6539 Malicious code in db-query-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4928f7d380b79104d997e7666603726873158508c38d2c75a90c7529dd196be3 The package presents itself as a database query helper but index.js defines a method queryDBConnect that base64-decodes a hardcoded URL pointing to...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 10:28 p.m.15 views

Malicious code in runtime-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/18 10:28 p.m.9 views

MAL-2026-6141 Malicious code in clx-cookie-signature (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e0e91601d276764067b1b209efd17a1f59ef03ff4fc814bcb22c495f4a0f9b3 Package impersonates the popular cookie-signature library copying its README, author field 'TJ Holowaychuk ', and sign/unsign API, but index.js adds ...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 10:28 p.m.12 views

Malicious code in clx-cookie-signature (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e0e91601d276764067b1b209efd17a1f59ef03ff4fc814bcb22c495f4a0f9b3 Package impersonates the popular cookie-signature library copying its README, author field 'TJ Holowaychuk ', and sign/unsign API, but index.js adds ...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:23 a.m.8 views

Malicious code in ts-webplug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a120eb8e3f6ca34493b7f282544523ab60137e8388148b191f46cda094e50789 The package impersonates the pino logger README titled 'chai-mocks', badges linking to pinojs/pino, module export named pino while its actual package...

6AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 3:4 a.m.19 views

Malicious code in vite-config-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 7:43 p.m.20 views

Malicious code in vite-plugin-compress-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f7b2710441863a429a2a1833e06f54e9afc23c87d1b40d7ee09e1995c6a65c2 On module load, this Vite plugin performs an HTTP GET to https://www.jsonkeeper.com/b/XVHGD an anonymous, mutable paste host and passes the response'...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:18 p.m.14 views

Malicious code in db-dx-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074f9125a23bf19f9f20f101c2db4888d121e6bd931fcb9933ef0e4f899c3759 The package name db-dx-connector inverts the word order of the legitimate dx-db-connector package whose own GitHub URL...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/09 8:18 p.m.11 views

MAL-2026-5463 Malicious code in db-dx-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074f9125a23bf19f9f20f101c2db4888d121e6bd931fcb9933ef0e4f899c3759 The package name db-dx-connector inverts the word order of the legitimate dx-db-connector package whose own GitHub URL...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 7:20 a.m.14 views

Malicious code in react-ui-polyfills (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c43460df1ee670b8a5982d77e7028aef7df25fa38922f743489fd52b41b5ea Package advertises itself as React polyfills / UI compatibility helpers but ships no React or polyfill code. The exported getPlugin function returns ...

5.7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 3:22 p.m.15 views

Malicious code in midcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...

5.8AI score
Exploits0References1
Rows per page
Query Builder