311901 matches found
Malicious code in fastapi-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8e414a858711540d25b63ced50114d396e150157b65a70056beccc38948a4199 The package clones a legitimate library and contains hidden code that executes remote scripts. During the analysis, the remote code was no longer available ---...
CVE-2026-28801
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...
Malicious Package
Overview xapitest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview solaraupdater is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @captivateiq/random is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview cursor-always-local is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview proton-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview take4-hello-world is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @justworkshr/alma is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview wt-fe-buz-business-stoplimit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...
EUVD-2026-10008
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...
MAL-2026-1258 Malicious code in tether-dev-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0d07b28a3afe4c020244ad7d5415342f3d62c4436107a5d764307d102b193ef The package tether-dev-docs was found to contain malicious code. Source: ghsa-malware 57a6db50523e4b656bdec519331a0443d43f1f9ae2dd91e5e1a1ee5ab6cc5ed...
PT-2026-23654
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...
MAL-2026-1257 Malicious code in pdfjs-dist-fourth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcaf355459e8baaef860a557036e51431e6eb6c44dcba0e800579cf978f2f64d The package pdfjs-dist-fourth was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-28353
Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...
EUVD-2026-9869
Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...
CVE-2026-28353 Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release
Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...
Malicious code in @imhuman/corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6184a6191df94d0d85ce593a41435ea200b954b17ce7a90c83cd1fb6ec5453db The package @imhuman/corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1247 Malicious code in @imhuman/corp-build-utils-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6184a6191df94d0d85ce593a41435ea200b954b17ce7a90c83cd1fb6ec5453db The package @imhuman/corp-build-utils-poc was found to contain malicious code. Source: ghsa-malware...