Lucene search
K

726 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in nodemon-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ac606888cb1a54710bafa78dc76d760bef1088bb5e2cc0f0323614341345e5 The package is named nodemon-patch but its package.json metadata homepage https://nodemon.io, author Remy Sharp / github.com/remy, repository, fundin...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in whs4_nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a1fc3c42fcd64070dd50db1ed23a9f238bd10fea9bba087cb605f7419af28c The package's postinstall script runs node index.js on install, which invokes reportLoadedFrom to POST installer-side data to a hardcoded Discord...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in npm-doc-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd9478699eb0ff355280d938bef68818018c0c5cb579b3c144f6c0e134dfad1b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.10 views

Malicious code in @contenteditor-shared/content-editor-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/23 3:38 p.m.8 views

MAL-2026-6336 Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/23 6:19 a.m.7 views

MAL-2026-6276 Malicious code in node-core-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 6:35 p.m.14 views

Malicious code in @mastra/observability (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d011342f74ef411523da8a4a42af220a5816766b2d519fd8f824ed35f33fdb2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 1:4 p.m.11 views

Malicious code in sodel-pych (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d67bcaf42f4ef050a6b824dfbc2f711d6820f7b3b1140d211110f390e512fa The package ships several files whose names and contents suggest a non-trivial install-time and runtime footprint: a postinstall script...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.8 views

Malicious code in @mastra/blaxel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cecc2be49f20a0d56a77e30e6da0ad8716ecc2fe9410e6b83a93fbce2db5c66 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:6 a.m.8 views

Malicious code in @mastra/stagehand (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0705d4d586f3c6d9899944e40be408bf7a454e7f62ed811cb4ee5778d707f43 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:57 a.m.8 views

Malicious code in @mastra/dsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47553f7ae35dba96de01f34980d8270e1820fd691106ad98ad4650087778d176 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:55 a.m.6 views

MAL-2026-6050 Malicious code in create-mastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12df16ee90f6c59f31e4b0b71f2dbf3a0b046e17ecae5e13399b69fec9f3c563 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/17 3:12 a.m.9 views

MAL-2026-5961 Malicious code in @mastra/rag (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9608d74e59d524d1052f6b05c8fba2b9d181452f28a012785eb80cb6764abe3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/17 3:12 a.m.11 views

MAL-2026-5957 Malicious code in @mastra/mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49f8ee83c01b471839bea21d7231e347b261071539611998f952f050cded4cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:11 a.m.9 views

Malicious code in @mastra/pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a70008c61b1e4ef205086d9fbbeb0435c8cee10e414626617fec6b946d45c84 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 11:54 a.m.11 views

Malicious code in redis-type-os (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f9fefcfb296b7a9b0c08dc47f628f1987d349d5b57cc9b3c5cb2ce7e331f7e4 Package is published as redis-type-os but all in-package references README, docs/, CHANGELOG, repository field, author email point to redis-om /...

6AI score
Exploits0References9
OSV
OSV
added 2026/06/16 9:37 a.m.10 views

MAL-2026-5877 Malicious code in check-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea848e496c2022409208a3e4a7d9b364c9437699a15554a5a1ee953d4428f230 check-ulid is a typosquat of the legitimate ulid package README is copied verbatim, homepage and bugs link to github.com/ulid/javascript whose...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 6:12 a.m.15 views

Malicious code in hot-validation-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/12 4:11 p.m.11 views

MAL-2026-5699 Malicious code in chai-web3-testkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc1472c1964a224051ad01d14dabfdfd3ca26d594fff02fb07192f423238691 The package advertises itself as a Web3.js testing toolkit but its content is copied from the legitimate chai-smart-assert library and a malicious...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 4:11 p.m.14 views

Malicious code in vite-react-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 879905a93676f42398cca583eb921d5ee04a7c84068d7aa0123a7cefdf26d995 On import/require of vite-react-toolkit, src/features/extras/config.js reached via the package main → createConfig.js → features/plugins.js side-effe...

5.3AI score
Exploits0References2
Rows per page
Query Builder