311862 matches found
CVE-2026-42159
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised...
Malicious code in @convera/ui-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa0960816c1204042cecc61c5337e5db2c1407f5325cfc2ed26e43b5dc054d0 On npm install, the package's preinstall.js collects os.hostname and os.userInfo.username and sends them as query parameters /?hn=&un= via...
MAL-2026-3724 Malicious code in @convera/ui-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa0960816c1204042cecc61c5337e5db2c1407f5325cfc2ed26e43b5dc054d0 On npm install, the package's preinstall.js collects os.hostname and os.userInfo.username and sends them as query parameters /?hn=&un= via...
Malicious code in async-http-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 85e8a68bad6595a817f1dabed757662e2a04cfec7b45a86d9bfd61a7a78d14d1 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...
Malicious code in web3-helpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8d6102ae402b2583a01da47e71f41cccba99fb7826dcf360004d8924557e1760 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...
MAL-2026-3664 Malicious code in workingitmehelpit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3e553fe0eea72dc43eab2696330acd6fbb3e4de8c95529eab6298411620c0c9f Package installs malware identified as a backdoor or reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in pandas-data (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 34c3e3d51b95102fd72f00c2b6c4bce7e34a801326dfbe7557f2d4346ed37508 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...
Malicious code in buffer-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44f072eff9ef90a204331ae1a03c5c4296929dbf88a05fff1a529e397548421a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3656 Malicious code in buffer-export (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44f072eff9ef90a204331ae1a03c5c4296929dbf88a05fff1a529e397548421a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3657 Malicious code in chai-as-streamed (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fef1582aa7fb15599bd48e6f077be4d1a577d3916cf2c2650893f0406ede8ea3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in puppeteer-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 280757b24c4ec5428a205e302200508a0438aa8f51e0a6ad95dbd3728f6a4db1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @puppeteer/browsers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76482d9b1a887d0692b8dd6aab8071a8d96388a065c1e512999107e4c4e9cd54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3654 Malicious code in @puppeteer/browsers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a28ea47c2f5a0ac44e0059f5b5f7f0595f6f3d54da32a45478e3fb0b76e7a605 Withdrawn Advisory This advisory has been withdrawn because the malicious package detection was a false positive. This link is maintained to preserve...
Malicious code in truffle-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52bd5b41de871fbbc8c5895f63dfec08ba2ff6ecb9ea03fa6fdb5d9245c74616 The package.json lifecycle script invokes require'childprocess'.execSync with a curl command at install time. Running curl through childprocess durin...
MAL-2026-3708 Malicious code in ethers-io (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 098acd1dccfed8bcaea9f56206745eef7c9e4cd368599ba23f762a84c86bbc14 The package's package.json declares a postinstall script that base64-decodes a hidden URL http://8.217.75.147:3000/payload and pipes the HTTP respons...
MAL-2026-3715 Malicious code in solc-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2016baa4fe29c296464b8381f88440457a113d79e2773d2252eb609a15ea2e03 package.json's postinstall lifecycle script runs node -e to base64-decode a hidden URL and pipe its contents to bash: curl -s...
Malicious code in ethers-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b953533124edcc31e4293ed6bffe010e9110d795f812ba432de8b81d4d558 package.json declares a postinstall hook that base64-decodes the URL http://8.217.75.147:3000/payload, fetches it via curl over plain HTTP, and pipes...
MAL-2026-3707 Malicious code in ethers-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b953533124edcc31e4293ed6bffe010e9110d795f812ba432de8b81d4d558 package.json declares a postinstall hook that base64-decodes the URL http://8.217.75.147:3000/payload, fetches it via curl over plain HTTP, and pipes...
MAL-2026-3718 Malicious code in web3-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e42f568897d9af194eb75275059455c99b369456b0c8e0ffe13e7f32be839e6 The OpenSSF Package Analysis project identified 'web3-common' @ 1.0.0 npm as malicious. It is considered malicious because: - The package execut...
Malicious code in openai-spellcheckers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 195e6ac284c1a3e97b7683250a5514ed89d903819d2a3c97987782d4725e0e9f Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...