CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/15 5:23 p.m.•9 views

Malicious code in bodega-sdk (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

OSV•added 2026/06/15 3:54 p.m.•5 views

MAL-2026-5792 Malicious code in nativescript-swisspost-imagepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...

OSSF Malicious Packages•added 2026/06/13 7:0 a.m.•8 views

Malicious code in node-stack-frames (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fd4f6c5f3278484d99f6ffffc001cf920dcb0fa4fdfabff957a61c3cfbfc158 package.json declares a preinstall script that runs an inline Node program on npm install. The script requires os and http, collects os.hostname,...

OSV•added 2026/06/09 5:38 p.m.•7 views

MAL-2026-5419 Malicious code in @nstrlabs/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 608be3457e7c809e60c1b76b9406489652f0ef708bfb97db2b6e0bb92b6836c2 On npm install, the package's preinstall hook node index.js || true, declared in package.json automatically collects host identifiers — os.hostname,...

5.5AI score

Exploits0References2

OSSF Malicious Packages•added 2026/06/09 5:35 p.m.•7 views

Malicious code in @klapp-about/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...

OSV•added 2026/06/01 12:0 a.m.•14 views

MAL-2026-5141 Malicious code in @redhat-cloud-services/host-inventory-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

OSV•added 2026/06/01 12:0 a.m.•6 views

MAL-2026-5135 Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)

OSSF Malicious Packages•added 2026/05/26 1:1 a.m.•12 views

Malicious code in weavedb-sdk-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40b4b0c5f79c0370a77c3b559b70389ffee591aa22c76ca15c4077fe95b5078e package.json declares "preinstall": "./bin/install-deps", pointing at a 976KB packed Linux x86-64 ELF binary shipped in the tarball sha256...

6.3AI score

OSV•added 2026/05/26 1:1 a.m.•7 views

MAL-2026-4724 Malicious code in weavedb-sdk-base (npm)

6.3AI score

OSSF Malicious Packages•added 2026/05/26 1:0 a.m.•7 views

Malicious code in atomic-notes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c70dcf4fd11ae58bf4e06b896b2f163d54e3c3a26b66d472bab1e0af126f6f81 package.json declares preinstall:./.github/scripts/precheck, which executes a 976 KB stripped, UPX-packed Linux x8664 ELF shipped at...

OSV•added 2026/05/26 1:0 a.m.•5 views

MAL-2026-4546 Malicious code in cwao-units (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f3ce7490e9a811444c5493ebb6d968f9dd7879d7695f330e101cf5b158fedf package.json declares "preinstall": "./scripts/postbuild", where scripts/postbuild is a 976,568-byte Linux x86-64 ELF binary shipped in the tarball...

OSSF Malicious Packages•added 2026/05/26 1:0 a.m.•10 views

Malicious code in weavedb-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2da95bd75489853f6b09a9aef5a5ee03ee6715b41dac446d29f273c750027a3 package.json declares "preinstall": "./dist/runtime.node", which directly executes a 976KB Linux ELF binary at every npm install. The .node extension...

OSV•added 2026/05/26 1:0 a.m.•11 views

MAL-2026-4726 Malicious code in weavedb-tools (npm)

OSV•added 2026/05/26 12:59 a.m.•9 views

MAL-2026-4721 Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

6AI score

OSSF Malicious Packages•added 2026/05/26 12:59 a.m.•9 views

Malicious code in weavedb-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e557cd0501bb17925a19c5d3525fdf18f286b21750a44c0164eb7e165f55d9 package.json declares "preinstall": "./dist/runtime.node", causing npm to execute a 976 KB packed binary on every install. The file uses the .node...

6.1AI score