
82747 matches found

OSSF Malicious Packages
added 2 days ago, 4 views

Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/__init__.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

5.8 AI score
Exploits: 0, References: 5

OSV
added 2 days ago, 1 view

MAL-2026-6066 Malicious code in quirky-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...

5.8 AI score
Exploits: 0, References: 3

OSSF Malicious Packages
added 2 days ago, 4 views

Malicious code in metrics-probe-77d4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d079b30dbb30db1a61acddcd094d2e7e67e7ef466d624e4ad2392edc9d9203e On install, package.json runs postinstall: node run.js. run.js imports os, fs, http, https, and child_process and at runtime collects host identifiers...

5.7 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 2 days ago, 5 views

Malicious code in pkg-telemetry-r4f9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector decf727db779a7cc4017b0bd8000f9fb40bcc5c6d93b016144a94e245886ea4e On install, package.json's postinstall hook runs node run.js, which loads beacon scripts that combine child_process, os, and http modules to collect...

5.5 AI score
Exploits: 0, References: 2

OSV
added 2 days ago, 2 views

MAL-2026-5992 Malicious code in runtime-metrics-w7k2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2062a3f2564ced7261d9b8be8a49e11117bd74ffe3e92aad6029c471921e2d Package declares a postinstall hook "postinstall": "node run.js" that fires automatically on npm install. The tarball ships beacon scripts beacon18.j...

5.4 AI score
Exploits: 0, References: 2

OSV
added 2 days ago, 2 views

MAL-2026-5986 Malicious code in npm-sandbox-ping-r9t2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335649d395a44d7de1bc6343dbce1f0459414ef92ab149413a86b47e28f3c7c3 package.json declares a postinstall hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon14.js,...

5.7 AI score
Exploits: 0, References: 2

OSV
added 2 days ago, 4 views

MAL-2026-5973 Malicious code in classbreeze-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...

5.5 AI score
Exploits: 0, References: 3

OSSF Malicious Packages
added 2 days ago, 5 views

Malicious code in cryptodao-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbe5f8614a264a8d3cdd2ecf8ecd2ad17292dbb5c5bcc25d0ae9d77eb8821df package.json declares postinstall: node recon.js, which auto-runs on npm install. recon.js lines 30-46 scrapes a curated list of credential-bearing...

5.3 AI score
Exploits: 0, References: 1

OSV
added 2 days ago, 3 views

MAL-2026-5946 Malicious code in @mastra/editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d15cb5bd62365f9e834fc44ed65e0db2c34aae555a5068c706cc9de0567a5fc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 3 days ago, 7 views

Malicious code in npmjs-doc-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e75a4fc474b58b6d7226e8448d6c909312baf7aff6e9587188cc56a2a5dface Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 3 days ago, 7 views

Malicious code in @ts-internal/shared-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7afc836ea4b9ecc7e09f0add976470f1b4e253f8b5b53b3ce706889efb349171 The package squats the internal-looking scope @ts-internal/shared-lib on the public npm registry and runs a network beacon both during install...

5.4 AI score
Exploits: 0, References: 1

OSV
added 3 days ago, 3 views

MAL-2026-5863 Malicious code in @ts-internal/shared-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7afc836ea4b9ecc7e09f0add976470f1b4e253f8b5b53b3ce706889efb349171 The package squats the internal-looking scope @ts-internal/shared-lib on the public npm registry and runs a network beacon both during install...

5.5 AI score
Exploits: 0, References: 1

OSV
added 3 days ago, 3 views

MAL-2026-5862 Malicious code in vitest-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39810890a1ffc946b3da439738fb619eab1613a775a308d6f248b80b38ce5603 Package vitest-pro is a namespace-abuse lure: its name suggests a vitest extension, but its source tree, README, and main entry lib/nodemailer.js are...

5.3 AI score
Exploits: 0, References: 2

OSV
added 3 days ago, 3 views

MAL-2026-5859 Malicious code in setka-editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9dd5cda5d5a0925c139a36f0ea4c69b96052ff203d7dc365ac119408ba76069 package.json registers both preinstall and postinstall lifecycle hooks that run node callback.js, which executes automatically on npm install...

5.6 AI score
Exploits: 0, References: 1

OSV
added 4 days ago, 3 views

MAL-2026-5847 Malicious code in reading-cookies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d137cd4e8e7fc6d323c33ed04a87a97b152b217f948d01fae3172900751bf121 On import, the package's middleware spawns a detached node lib/caller.js child process. caller.js decodes a base64-obfuscated URL...

5.4 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 4 days ago, 6 views

Malicious code in testpackagemanyhttpsgo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 336f39e218fe5b5a09ef8ee7757efa7a0ca73c0fe6571bc232d735448499a950 At install time, setup.py fetches https://tmpfiles.org/dl/wawHVGgfydD7/6a306c5f03a52.exe via urllib, writes the response to disk, and executes it wit...

5.6 AI score
Exploits: 0, References: 6

OSV
added 4 days ago, 3 views

MAL-2026-5840 Malicious code in testpackagemanyhttpsgo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 336f39e218fe5b5a09ef8ee7757efa7a0ca73c0fe6571bc232d735448499a950 At install time, setup.py fetches https://tmpfiles.org/dl/wawHVGgfydD7/6a306c5f03a52.exe via urllib, writes the response to disk, and executes it wit...

5.7 AI score
Exploits: 0, References: 6

OSV
added 4 days ago, 4 views

MAL-2026-5833 Malicious code in yunxin-overmind-comment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57551a10d99024d1d12c7f2e349e6557613ed3a5e036bf45d71129d501fbbabc On npm install, the package's scripts.postinstall runs src/postinstall.js, which spawns a detached Node child that collects the installer's hostname,...

5.4 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 4 days ago, 6 views

Malicious code in intel-ai-safety-explainer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7561bb0b816a4521b6de43bce01afa55516a7201b6daa7696de4924623557f90 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1

OSV
added 4 days ago, 3 views

MAL-2026-5814 Malicious code in intel-ai-safety-explainer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7561bb0b816a4521b6de43bce01afa55516a7201b6daa7696de4924623557f90 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6 AI score
Exploits: 0, References: 1