Lucene search
+L

44781 matches found

ossf
ossf
added 3 days ago8 views

Malicious code in abuden229 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 348ad89821b1ea36a325bc8f2e570b3a74e3a6238381106746bc31146c743fec The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 3 days ago6 views

Malicious code in kuaishou (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd1d5daf09cc7bfff164e60bf5abd0a1b374b5bb616f0a78cac8f6c6ea613608 The package's prepare lifecycle script, which runs automatically on npm install, collects host, user, and platform identifiers along with the full...

6.1AI score
Exploits0References4
thn
thn
added 6 days ago10 views

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected] , came embedded wi...

6.1AI score
Exploits0
ossf
ossf
added last week9 views

Malicious code in type-slint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b5cd26e040f4f4366ed65cca4b70258d276f781e0aab76b99b5573d4007a97d The npm package [email protected] masquerades as the pino logger copied module layout, exports as module.exports.pino, keywords fast/logger/stream/jso...

6.1AI score
Exploits0References3
osv
osv
added 2026/07/09 12:0 a.m.3 views

MAL-2026-10038 Malicious code in antsrcsrctest (npm)

The npm package antsrcsrctest masquerades as a "simple date formatting utility" index.js exports a harmless formatDate function that is never referenced by the malicious code but is a credential-harvesting and cloud-metadata-stealing reconnaissance tool. It declares a preinstall: node preinstall....

6.1AI score
Exploits0References2
osv
osv
added 2026/07/09 12:0 a.m.2 views

MAL-2026-10074 Malicious code in testis-pack (npm)

The npm package testis-pack presents itself as a small binary packing/checksum utility pack/unpack/checksum/inspect but embeds an obfuscated dropper. It declares a preinstall: node index.js hook. The strings for the C2 host, path and dropped-binary name are not present in plaintext — they are...

6.5AI score
Exploits0References3
ossf
ossf
added 2026/07/09 12:0 a.m.8 views

Malicious code in testis-pack (npm)

The npm package testis-pack presents itself as a small binary packing/checksum utility pack/unpack/checksum/inspect but embeds an obfuscated dropper. It declares a preinstall: node index.js hook. The strings for the C2 host, path and dropped-binary name are not present in plaintext — they are...

6.5AI score
Exploits0References3
ossf
ossf
added 2026/07/08 4:27 p.m.11 views

Malicious code in searchresults (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d5453a0b1576ed8880071cda901607e79f25378700d3f999ab2c9715e00635 [email protected] is a high-version dependency-confusion squat on the generic name 'searchresults'. package.json declares preinstall and...

6.4AI score
Exploits0References2
ossf
ossf
added 2026/07/06 12:0 a.m.5 views

Malicious code in tme-error (npm)

The tme-error package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References3
osv
osv
added 2026/07/06 12:0 a.m.4 views

MAL-2026-10236 Malicious code in tme-xca (npm)

The tme-xca package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' Travel Mall /...

6.2AI score
Exploits0References3
osv
osv
added 2026/07/06 12:0 a.m.3 views

MAL-2026-10224 Malicious code in @idms-corp/auth-ui (npm)

The @idms-corp/auth-ui package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization the @idms-cor...

6.1AI score
Exploits0References4
osv
osv
added 2026/07/06 12:0 a.m.3 views

MAL-2026-10227 Malicious code in box-react-uix (npm)

The box-react-uix package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'box' internal...

6.1AI score
Exploits0References3
osv
osv
added 2026/07/02 12:0 a.m.4 views

MAL-2026-6767 Malicious code in @marketfront/basemarkettemplate (npm)

The @marketfront/basemarkettemplate package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/06/30 8:59 p.m.13 views

Malicious code in @sudoughnym/enviro-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02c1c204d0f458d13d7140f4b7a007d551095665a418e9146037be9a5b2b7957 @sudoughnym/[email protected] ships preinstall.js and postinstall.js lifecycle scripts that run automatically on npm install. Both scripts collect...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/30 8:59 p.m.7 views

Malicious code in @businessapp-microsites/apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b70ab5da6865ec94b15097fa84836ab41f39b65a5277974b407c545d8d424c7f @businessapp-microsites/[email protected] is a dependency-confusion squat against the private scope @businessapp-microsites, published with an implausibl...

6AI score
Exploits0References4
osv
osv
added 2026/06/30 8:38 p.m.7 views

MAL-2026-6698 Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6AI score
Exploits0References19
osv
osv
added 2026/06/30 12:0 a.m.8 views

MAL-2026-6688 Malicious code in console-fmt-cli (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. console-fmt-cli uses a side-loader technique: it declares decimal-format-core =3.0 as a dependency, which contains a dropper that executes at install time via a postinstall hook. The dropper fetches a...

6.3AI score
Exploits0References12
osv
osv
added 2026/06/30 12:0 a.m.5 views

MAL-2026-6692 Malicious code in polymarket-trading-developer-tools (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...

6AI score
Exploits0References3
ossf
ossf
added 2026/06/29 4:50 p.m.11 views

Malicious code in @experian-shared/services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b9781b2089d3aeafbedfe7c81af43904472553991bd7e50695ab301d4529eaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
osv
osv
added 2026/06/29 3:20 a.m.7 views

MAL-2026-6573 Malicious code in rebrandly-domains-search-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e Package [email protected] is an empty module index.js exports an empty object whose package.json preinstall hook runs node...

5.8AI score
Exploits0References2
Rows per page
Query Builder