Lucene search
K

745 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34a7b03a8ca0b677deda412c60e728b69b4823084f139fae2af7feaaf8aa5207 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden24 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb51631494082c47eae9693ef57def77cbb5e4ecef742b0e1cf5ac6f41b4573f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in backupsitetuff6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf0f0345d3aed2a0b5f8f145161679e6ebf492603ce2e99d586903f5b8044c9 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in nodemon-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ac606888cb1a54710bafa78dc76d760bef1088bb5e2cc0f0323614341345e5 The package is named nodemon-patch but its package.json metadata homepage https://nodemon.io, author Remy Sharp / github.com/remy, repository, fundin...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added last week11 views

Malicious code in whs4_nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...

6AI score
Exploits0References3
OSV
OSV
added last week8 views

MAL-2026-6930 Malicious code in annotator-harvardx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e60352f3188693c150a75a0c785e9398fd12270a4cd481c3bcb411993beffbbd The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added last week7 views

MAL-2026-6920 Malicious code in crypto-base58 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7da752b2532b67e824f8904ffce7618b074a6a58746099b36b4ee547d936c8d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References6
OSV
OSV
added 2026/07/06 6:59 p.m.5 views

MAL-2026-6899 Malicious code in twcompose-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096d151917a14021013de8dbd595466944a677be49ee8ca4b3ed94de63d85cd9 The package's main entry point src/index.js contains heavily obfuscated JavaScript at line 138 using a classic string-array shuffle pattern while!!...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/06 6:58 p.m.4 views

MAL-2026-6879 Malicious code in sol-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea6f550ff0944a5125136900111863f7ec99ea46c3f2472181c87ed2b8ce8c57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:57 p.m.4 views

MAL-2026-6875 Malicious code in secure-box (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fac79042697157915144f205c342b79f8a019218c45580224a85c045c03fea9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:55 p.m.8 views

Malicious code in npm-doc-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd9478699eb0ff355280d938bef68818018c0c5cb579b3c144f6c0e134dfad1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:52 p.m.7 views

MAL-2026-6807 Malicious code in bootstrap-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ac4913fc1ffcabe1ed6637abc6d532abc014683f48b341ece6127a51da15d8 The package's index.js is heavily obfuscated with classic string-array shuffling patterns e.g., while!! loops with repeated 'shift' calls and...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/03 4:6 p.m.6 views

MAL-2026-6747 Malicious code in web-api-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ca2f8dce9e845346901818eadd06a0cda318c99ac3e059cd076d9f4065e2c17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/03 4:0 p.m.7 views

MAL-2026-6742 Malicious code in alder_morrgan (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96468d16380fb68b99823735be418b7393216e068ce91f6aa31f2e1305d9d4d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:53 p.m.18 views

MAL-2026-6606 Malicious code in @concerns/i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b727ee2cbb3fadb59ee0ec7febb6db24f25e775ee3957c6765800a61de44289f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.10 views

Malicious code in @contenteditor-shared/content-editor-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:53 p.m.9 views

MAL-2026-6611 Malicious code in @cxp-shared/string-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2cd735ed6a2711ca0dfcb8cb4fee948afe5e923d6b56743b3fd7ee922bd8d14 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:53 p.m.7 views

MAL-2026-6628 Malicious code in @img-hls/vtt.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad530c5830e0148f1b5b34ac28336c1b1468d5a11ffa2ff265368e13199cceb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/25 2:16 a.m.5 views

MAL-2026-6410 Malicious code in @su-doughnym/react-dlb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2269beae8c30caccda966ca3aba35c3eddb4795fba0161045f14758ff150f58b Package self-identifies as a dependency-confusion bug-bounty proof-of-concept and is published at version 99.99.99 to win resolution priority over an...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/23 3:38 p.m.8 views

MAL-2026-6336 Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score
Exploits0References4
Rows per page
Query Builder