259 matches found
Many Hands Make Light Work: An LLM-Based Multi-Agent System for Detecting Malicious PyPI Packages
Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial components. Large language models LLMs show promise for software...
EUVD-2020-0170
Malware in sbrugna...
EUVD-2006-0809
Malware in sbrugna...
EUVD-2003-1434
Malware in sbrugna...
MAL-2025-6242 Malicious code in dexa56 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f43715f87a1218ff23eb2b375c7b84ac74b6e17a9035aeb9ea4c0657546b4484 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5908 Malicious code in dt-retag-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d21deb5c26c8d9b0043ce26b0fe5ec1625607ab1e1c37102589f92ab7187364 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5897 Malicious code in bk-card-cc-credit-limit-adjustment-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 839ee8572e063e7008de9939f5e66afdb87eb4083735168ee48b739ed54814d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5932 Malicious code in laudekasarkarmulavakghantamuzi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53ada8ae86f15e6d70241f7c416f8e6b06cc0a99945f927863aa7a134e4e1ed9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5863 Malicious code in ltiditest2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83fb4582ce1cfad526a2d45083d7e6199fed61f683196be2584060c68bcbf822 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5715 Malicious code in pbr-client (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4933f0eae305db421cd46414b1773fb97338c6966af0abd06e1232ffe4c4c96f Any computer that has this package installed or running should be considered...
MAL-2025-5319 Malicious code in workflows-templates (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9c885607af191f5acc692b6c3050cc0bbdf52d98ab543e79cef7d32387e247d Any computer that has this package installed or running should be considered...
MAL-2025-5291 Malicious code in defectdojosw (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93d614c0d808786b112774fdec4eb2b8afecef6ec8de82e4945bdc644e5023c4 The OpenSSF Package Analysis project identified 'defectdojosw' @ 10.1.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-5245 Malicious code in @monorepo-lens/pnpm-collector (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67c6ea5bbdbe7b178435d3ad215c7b7a36c72b9a0850c6f074da4f085d90e5cd Any computer that has this package installed or running should be considered...
MAL-2025-5209 Malicious code in vite-auditlog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f572293aa98c3908f745c0548edfb1b2fff98c0f4df1f5e4ba96ec83743d5ae9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5261 Malicious code in drivers-kit (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ba30922790421a31176c5d094f9244d7e2c5aefa5a38c9506763c5adb863f66 Any computer that has this package installed or running should be considered...
MAL-2025-4921 Malicious code in frontend-tests (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84270f7cb41eec813ccd947f1510d8849dc7ec317990d0be20450a14a28d69e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4911 Malicious code in yt606060-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a34a6e4b5985ebe933d9f77c07d0caa2d2c46ab01a085ddf49c79d900474f83b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4607 Malicious code in @chatbot-builder/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ace9cff4af8d9323da0b8644083e75867baace24814284462f536c574065052 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4307 Malicious code in cardbuild (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1f2276e716b290bb85f3f6aa2adeee74453a0e1ed7fb32e56a420b3676cffad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4372 Malicious code in makitest_npm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c4bce38be2f9dbf07fa9b64f7ff409ebcc2cd187af5a741804b069b2387c1a69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...