Lucene search
K

13 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:10 p.m.20 views

Malicious code in field-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0112dc4801bb261e86a2f68d5fd49b6c955bb4e82f872c72e61e49cc638ca91c package.json declares both preinstall and postinstall scripts that run curl against a hardcoded bare-IP HTTP endpoint http://3.7.226.146:9000/callbac...

5.3AI score
Exploits0References2
Snyk
Snyk
added 2026/03/19 11:0 p.m.19 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 4:24 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in nebula-outercore-promise-lightyear (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66069e88859f70dd33e442af467828063afd118ead677224c580a78b092e7d93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 7:18 p.m.4 views

MAL-2025-176515 Malicious code in nokire-tanjiro29 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80845458c29519f2e5c34b210c97e2e6d4feb95e05b882e0d9faca1dd44ac6fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.4 views

EUVD-2025-97978

Malicious code in innocentwormz3n npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/11 8:46 p.m.4 views

MAL-2025-129244 Malicious code in oktafian-sego44-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1fecf663cf2789e10fb7d1aa17449610ecde65885d4cd795c5452676cf253c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.6 views

EUVD-2025-93624

Malicious code in zaki-mieayam69-breki npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 7:16 a.m.10 views

EUVD-2025-68424

Malicious code in putri-menjes99-ruro npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 4:25 a.m.7 views

Malicious code in faithful_aphid_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 351c4d6add695be8b8e6dd5c2dfb22f3e5de93efb310bc14ad495aa26c664c6b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 2:29 a.m.4 views

MAL-2025-72021 Malicious code in bambang-bakwan36-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea3c63df6d8194d32d89f20dfc94f76de8d82eb0b1a93a8c86574d6457e9a791 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 10:49 p.m.7 views

Malicious code in twilio-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20ffcb178cf9c4a8cc2e9e550a170ff42fa42a341a71eb80330990ce0fc4fe3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in mp3-file-zip-d-ownload-25737-the-dividing-island-m1xnl-ssmrpa (npm)

The package mp3-file-zip-d-ownload-25737-the-dividing-island-m1xnl-ssmrpa was found to contain malicious code...

7AI score
Exploits0
Rows per page
Query Builder