Lucene search
+L

83008 matches found

OSV
OSV
added 10 hours ago3 views

MAL-2026-10769 Malicious code in easyway2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b70fe150bb8d389d4b3f437dff96763448359cafed12db8139236f3d40b88565 The OpenSSF Package Analysis project identified 'easyway2' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...

5.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in @hibachi-xyz/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 214e1b690352ce0af70ce6a37d3b7ac4d8dec4269dc7606b7a65fbb6d4406e8b The package presents itself as 'Type definitions' for the @hibachi-xyz scope at version 99.0.0, but index.js exports an empty object and its only...

6.2AI score
Exploits0References1
OSV
OSV
added yesterday4 views

MAL-2026-10716 Malicious code in @hibachi-xyz/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 308aa7f8a3746a346bbed305975f68d110bcf6b98815b7bf9f579e37089fd78b The package is published under the name @hibachi-xyz/ui with description 'UI components' but ships no UI code. Its index.js, executed on require,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in @hibachi-xyz/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 308aa7f8a3746a346bbed305975f68d110bcf6b98815b7bf9f579e37089fd78b The package is published under the name @hibachi-xyz/ui with description 'UI components' but ships no UI code. Its index.js, executed on require,...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago23 views

Malicious code in xyq-drama-skill (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 062ea591e5b995503deb15b174a37fc7af37cb5987a6c3d715d256fe0c3bfe10 setup.py registers a custom install cmdclass that, on pip install, downloads an opaque binary from...

6.3AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago14 views

Malicious code in monogrok (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3369fb16804682addfec56904223d0255c2a0ca6d35481e744221e8252f2000d Package publishes as a generic 'M!T' library with an unrelated Apache-license README, but the tarball contains an offensive spam / phishing /...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago9 views

Malicious code in @leviosa86com/leviosa86-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979 Package @leviosa86com/[email protected] ships src/poc/index.js which shells out via childprocess.exec to collect host identifiers hostname, pwd,...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in cosmos-cuda (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function beacon'build' from setup.py during sdist build/install and beacon'import' from...

6.6AI score
Exploits0References2
OSV
OSV
added 3 days ago3 views

MAL-2026-10617 Malicious code in cosmos-cuda (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function beacon'build' from setup.py during sdist build/install and beacon'import' from...

6.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in ethereum-lib-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in assertion-utils-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 311d22d9694863456136cf4f8b69a291fdbb631eda56bafca1959e0c184774a1 assertion-utils-js is a typosquat of chai name, description, and keywords mirror the real package. On require, index.js spawns a detached Node child...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in chain-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb94ce743d92fe81015db70380ba325e78e4271b78689a9a6998cda4e6bdc038 chain-sdk-js is a typosquat of @thetalabs/theta-js package name, description, author 'Theta Labs', and bundle filenames thetajs.cjs.js/thetajs.umd.js...

6.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in tennacity (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7933cd1ec11531feba788870555eeac615535d8e230b4d252880def9c68ff5e tennacity is a one-character typosquat of the popular 'tenacity' library; its README/PKG-INFO are copied verbatim from real tenacity while setup.py...

6.2AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in eth-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51f051957ac6f91e8567df873978b45c0c81a170f94decbd735d329f312ff1bb On require, index.js schedules a 37-second delayed routine that reads test/fixtures/keypairs.dat, base64-decodes it into /.cache-db/.node-sync/syncd....

6.1AI score
Exploits0References5
OSV
OSV
added 3 days ago5 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago11 views

Malicious code in nodemon-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d2f1b3c8848137e0ec6a9897d6f4056102623f1139549c9dd928fcb4482e69 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in nodemon-delog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea1c5b4054d6daffaf190005db661027e29255ae20de1bb410f506de1f178532 nodemon-delog is published under a name that resembles the widely-used nodemon package and ships a verbatim copy of nodemon's source tree, README,...

6.1AI score
Exploits0References2
OSV
OSV
added 4 days ago6 views

MAL-2026-10491 Malicious code in assertcoreutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...

6.5AI score
Exploits0References3
OSV
OSV
added 4 days ago4 views

MAL-2026-10489 Malicious code in permcserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf9fcdfd2e40ddb8c0aef4fa0fb93f2d0bcf3b0c00104057076f8013a70812d6 The package's main index.js is a 10-line FFI shim that spawns a worker, dlopens the bundled lib-linux.so via koffi, and immediately invokes the nativ...

6.3AI score
Exploits0References4
OSV
OSV
added 4 days ago19 views

MAL-2026-10452 Malicious code in markdown-editable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b15669732f3eaec42e12c5f8d41a8f74d595fc04f709804de9768cb1719a94 The package's package.json declares a preinstall hook node index.d.js that runs automatically on npm install. The script in index.d.js base64-decodes...

6.2AI score
Exploits0References4
Rows per page
Query Builder