CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/26 12:30 p.m.•8 views

MAL-2026-4810 Malicious code in binproto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72de81f36a15d75d302ca94b378c3e5025b6d0cb2d24360d06527130ed053ebd When using the provided functionality, the code silently downloads and executes a malicious executable. --- Category: MALICIOUS - The campaign has clearly...

OSSF Malicious Packages•added 2026/05/26 12:30 p.m.•10 views

Malicious code in binproto (PyPI)

OSSF Malicious Packages•added 2026/05/26 12:27 p.m.•11 views

Malicious code in int-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 369f6932b06597ffc51269a3c2634d158a10270a5c79eb9e4842818e8570c544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/26 12:27 p.m.•8 views

Malicious code in web3-prices (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee650bfe594eb17193a4760fd6fc279eb10670ae045500913ea673951427b47e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/26 12:27 p.m.•11 views

Malicious code in web3.prc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db6feb92bb662bbf24ea3769595c836f3443f8fb33833b094134f294704af70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/26 12:27 p.m.•9 views

MAL-2026-4800 Malicious code in web3-prices (npm)

OSSF Malicious Packages•added 2026/05/26 12:15 p.m.•9 views

Malicious code in @fhkry/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75b00f1cbf8b88a31654d13fe812fd9201f0b0c92f9ddad31fea59376752a636 This package is a Baileys WhatsApp Web library fork that, on every WebSocket connection, silently performs WhatsApp newsletter actions on the...

OSV•added 2026/05/26 12:15 p.m.•6 views

MAL-2026-4803 Malicious code in @fhkry/baileys (npm)

OSSF Malicious Packages•added 2026/05/26 12:7 p.m.•11 views

Malicious code in shop-minis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e9e3e4e8e9e12bac20967fa551c549a93915b33007d7e54f8bfe0eed26a216e On npm install, the package's postinstall script postinstall.js, run via scripts.postinstall = 'node postinstall.js' collects host identity — whoami,...

OSSF Malicious Packages•added 2026/05/26 12:4 p.m.•12 views

Malicious code in fastjsonlog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c215826041044ae60befaac2d8d5cb29653cb12091b5803ed0a7cf8fff83f94b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/26 12:4 p.m.•7 views

MAL-2026-4796 Malicious code in fastjsonlog (npm)

OSV•added 2026/05/26 12:4 p.m.•7 views

MAL-2026-4798 Malicious code in jsonlogbundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af7e3df4204ea4db553819eb10281c596a2eae07343d8143e3ef63b708881dce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/26 12:4 p.m.•10 views

Malicious code in jsonlogbundler (npm)

OSSF Malicious Packages•added 2026/05/26 11:56 a.m.•10 views

Malicious code in pdf-lib-enhanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4da0334724e86909030ba354dab57e4c522c139a925d3ec06559541179c562e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/26 11:56 a.m.•7 views

MAL-2026-4802 Malicious code in xlsx-enhanced (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5196a5b8e1db8092bb735b33db7212278bd080b11315dab3eae15251655c22a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2026/05/26 11:56 a.m.•6 views

MAL-2026-4799 Malicious code in pdf-lib-enhanced (npm)

OSV•added 2026/05/26 10:27 a.m.•5 views

MAL-2026-4806 Malicious code in shizukyu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31c8d6ffda18d74aa3d25ab3804e721a72dc385d89f2742d7c9e967919b27449 The package exports a single function shizukuChsocket that accepts a caller's authenticated Baileys WhatsApp socket and invokes...

OSV•added 2026/05/26 8:46 a.m.•8 views

MAL-2026-4792 Malicious code in react-json-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a2b0f9e236c71a3da2c36dd19a90a0a3e096503e79754d25ce2a13eb5d72d77 The package is published as react-json-chalk but its main entry pino.js impersonates the pino logger homepage https://getpino.io, bundled pino source...

5.7AI score

OSV•added 2026/05/26 8:43 a.m.•6 views

MAL-2026-4794 Malicious code in indextts-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc206ef48bfccaec8e81aac2b666e2d54a4a027e8432cc1d08d3823cf333caca setup.py executes git clone --depth 1 --branch dev-3.12 https://github.com/gabry-lab/index-tts during the buildpy / egginfo / sdist / bdistwheel...