Lucene search
K

7 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 2:59 a.m.15 views

Malicious code in claw_messenger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b621afa50fe31026a12750b83eeb309366f95b07a9e0c5095d3e862f0007b70f The postinstall lifecycle script in dist/postinstall.js spawns two detached, hidden child processes during npm install. 1 spawn'npm', 'install', '-g'...

6AI score
Exploits0References17
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview CAFEGeneral is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview setago3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.4 views

Malicious Package

Overview podu332ss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for soci...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.1 views

Malicious Package

Overview tiupz is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview deltago4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...

8.6CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/08/14 3:31 p.m.2 views

Malicious Package

Overview backduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

8.6CVSS6.9AI score
Exploits0References3
Rows per page
Query Builder