CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

Embedded Malicious Code

Embedded Malicious Code

Embedded Malicious Code

OSSF Malicious Packages•added 2026/05/31 1:13 p.m.•12 views

Malicious code in obfuscation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9a6d747918a89b433d6b670595d6b8d3049f49a69762c3e483d4f0f9dbeb81a3 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

OSV•added 2026/05/31 10:18 a.m.•5 views

MAL-2026-5098 Malicious code in js-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d28882e3ff8afe78db631ca5e1129d2b08f976f17f66ffe2b14834184ce09a package.json declares "postinstall": "node poc.js", which fires automatically on every npm install. poc.js reads os.hostname, hex-encodes it, and...

5.4AI score

OSSF Malicious Packages•added 2026/05/30 5:6 p.m.•13 views

Malicious code in discord-ban (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4e19806a65bf83b5648eb280baedca899972d98e8c3f921080390458e8394413 Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSSF Malicious Packages•added 2026/05/30 4:25 p.m.•12 views

Malicious code in cms-storehub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dda5fa0b4771a3299568c8dd8d17d5663d9c8ae782b8c71f4a2baf0ce1f8e5ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/30 4:25 p.m.•7 views

MAL-2026-5097 Malicious code in cms-storehub (npm)

OSV•added 2026/05/30 4:14 p.m.•12 views

MAL-2026-5090 Malicious code in neuralforge-ml (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0a68c3ef2f7680eab753f62cc1792ae7df68bb15400e09971cc9c34a444307b The package contains stub code only imitating real actions. Starting with version 0.9.9, the code contains exfiltration capability activated under specific...

5.9AI score

OSSF Malicious Packages•added 2026/05/30 2:47 p.m.•11 views

Malicious code in crypto-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bbb379240ef7e43770f6dab576919fa97bd23ffbb8d3e39b31fd656649335fd7 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

OSSF Malicious Packages•added 2026/05/30 2:36 p.m.•10 views

Malicious code in cryptolock (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0140fddafadce54debaca7d9591e2770acd987aaf90ec7008b4ae4cf301c233 During installation, the code tamper with security settings and downloads and executes malicious executable. --- Category: MALICIOUS - The campaign has clearly...

OSV•added 2026/05/30 2:36 p.m.•10 views

MAL-2026-5089 Malicious code in cryptolock (PyPI)

Snyk•added 2026/05/29 10:54 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/dataplatform-metastore is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

OSSF Malicious Packages•added 2026/05/29 10:9 p.m.•13 views

Malicious code in puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9032a522708cf49b925eaee77c313e16ee097040af91a2a9c86e16a957a183e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/29 10:9 p.m.•4 views

MAL-2026-5077 Malicious code in puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abb5e0ca28fe73f218eea4bcbf584520cc1618dbc617326c9036f4de5b9a85c9 Withdrawn Advisory This advisory has been withdrawn because the malicious package detection was a false positive. This link is maintained to preserve...

5.5AI score

OSSF Malicious Packages•added 2026/05/29 10:9 p.m.•14 views

Malicious code in midoss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73bce73a188c2742f2c66ec85906c0bea50468d8c606fd6d38d4ea5698119007 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/29 10:9 p.m.•6 views

MAL-2026-5073 Malicious code in midoss (npm)

OSV•added 2026/05/29 10:9 p.m.•8 views

MAL-2026-5063 Malicious code in customerdigital-service-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d58926a994bd05ac4db3c984f96186b2d52da1235a3f56f34843c01dd2246408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/29 10:9 p.m.•13 views

Malicious code in customerdigital-service-lib (npm)