Lucene search
K

138 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.9 views

Malicious code in data-fetching-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 913d882d66d587abb1d6fe92b8b6d7353c1b4ae79fb175cc3f10b606dd5f8457 Package self-identifies in its package.json description as a bug-bounty dependency-confusion proof-of-concept against an internal package name of the...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:3 a.m.13 views

Malicious code in bign.tsm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a742cbbbd867c961c2a0d001e20f92dfadd209e9071734e840bbd0e0606d4f6b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:3 a.m.11 views

Malicious code in npmjs-doc-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e75a4fc474b58b6d7226e8448d6c909312baf7aff6e9587188cc56a2a5dface Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/15 11:45 p.m.10 views

MAL-2026-5846 Malicious code in prettier_v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0da6eb947f9a9046563fe43e0b5064d7dc2a75e019425a564276d44d39bc263 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:33 p.m.12 views

Malicious code in vite-enhancer-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f95dc5a82c03457cbfab461f0b1775f3918589db6ac513342a1ec0dc1aacc1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/15 11:33 p.m.10 views

MAL-2026-5843 Malicious code in chai-smart-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44c476c94a62f5a3949ef8e6173aae3a6fa9b4411d7b157d06ea96835fbf258c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/12 2:32 p.m.7 views

MAL-2026-5690 Malicious code in ecto-spectral-leak-8d4e2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed80e7979c97935537c82692c1be6aa9fa4880f76b412057e9d8ed7d66af999f On npm install, postinstall.js executes shell commands that enumerate AWS Secrets Manager across regions aws secretsmanager list-secrets followed by...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/10 12:10 p.m.13 views

MAL-2026-5495 Malicious code in @solana-launchpad/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f311ca65e1dd4812e0b9812be713108a676a6f25c8d48443ab93a97133447b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:9 p.m.20 views

Malicious code in customerdigital-service-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d58926a994bd05ac4db3c984f96186b2d52da1235a3f56f34843c01dd2246408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 1:39 p.m.13 views

Malicious code in @service-suppliers/set_suppliers_loading_stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52d21512cf72b6b9822978fa95b217f0412f0d8ec55e5667addf4a486ad0965b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:27 p.m.12 views

Malicious code in web3-prices (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee650bfe594eb17193a4760fd6fc279eb10670ae045500913ea673951427b47e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 8:48 a.m.14 views

Malicious code in unique-string-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c13681b6b78ec7996b99f0b0404fe78f1deb2235a379314856002f8f3ec02501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 8:11 a.m.16 views

Malicious code in nba-blocker-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f1fe232a9f7f60759e2b252db2948228245fa7ee3881d1fb5e3954a2ca3bcf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/12 12:7 a.m.13 views

MAL-2026-3486 Malicious code in @tanstack/solid-start-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9f623ce85c893266087d3eeb9812938d0f3eea0ddb33cd735589c104dafb8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/24 2:39 a.m.9 views

Malicious code in sagat-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b9e0a31b6bceddf90e920c8c6eb6313c822ca883c8daaa6905c5d8835fb8220 The package sagat-core was found to contain malicious code. Source: ghsa-malware cd038a03954f5c3c52c0f68ddfd36cbd9746f905131c22fa2089a72f8929be62 Any...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/23 3:52 a.m.8 views

MAL-2026-3003 Malicious code in @amsterdam-local/forms-component-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 291b91d9d855e239db33d7709fe9a88228eee0a166ce7312b5fb7f55f57dc488 The package @amsterdam-local/forms-component-library was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/15 3:7 a.m.6 views

Malicious code in mongoose-stamps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 073338095bf5f8b7f7ec04e0994d8df1084c899bc6e737b3e7d4aebe26ddc01a The package mongoose-stamps was found to contain malicious code. Source: ghsa-malware b18e13ac80d023110bb0dc5cad4ad32a8f1e4d563156bb626e671b88578ca26...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/24 12:43 p.m.12 views

MAL-2026-2133 Malicious code in server-fpti (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b90fb70466093bba29ed5b8f62a9734b95ff7011add06482beec9546984f11c3 The package server-fpti was found to contain malicious code. Source: ghsa-malware 59d0d75db844e966a9f5cc0e311ca6f2385abdf95ca0ee2387c23be8342f0fb2 An...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/22 6:18 p.m.5 views

MAL-2026-2070 Malicious code in jest-preset-ppf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 865aa42f02036b04e6245ec53b1fd2e49bc7f3954c195abec4127acf04dfa260 The package jest-preset-ppf was found to contain malicious code. Source: ghsa-malware 84c3c8fd0d6db555bb09e8ddd8668f525a4de9ad2486ecf4ef835f158a7565d...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/16 12:0 a.m.3 views

MAL-2026-1546 Malicious code in dazaar-payment (npm)

The package 'dazaar-payment' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...

5.6AI score
Exploits0References3
Rows per page
Query Builder