Lucene search
K

288 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in abuden28 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a58dd1a008e23641f5373b4593347947fb72a1a199e2354ffe75c79af4066d98 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago3 views

Malicious code in pasirianspirit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60cd922693da1d756dfc573575c5f9630b509a4746aeccedd588426a170d0a18 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 4:19 p.m.12 views

Malicious code in whs4_npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47695d571fe82fbb4402e8cc7f56c05e1cb21d0bc8089ccbd8fca32f8cf5a57c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:6 p.m.6 views

MAL-2026-6924 Malicious code in solana-address-codec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae The package name resembles utilities in the Solana ecosystem e.g., @solana/addresses and address codec helpers, which is a common target for typosqua...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/07/06 6:59 p.m.3 views

MAL-2026-6895 Malicious code in ts-bigtn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.8 views

Malicious code in @content-editor/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:48 p.m.10 views

Malicious code in @anna-money/anna-web-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51ad1206f707247b245f3a828c780fbe27239f1fa15c8a90782617144669af5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 8:28 a.m.11 views

Malicious code in ts-ecro-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86149b041033a917b3b743b9381a14368e79015385b27b89429cf7f6a35d0d30 No suspicious behaviors were identified in this package version. There are no lifecycle hook hazards, no outbound network calls to attacker-controlle...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.11 views

Malicious code in @mastra/fastify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ba29e7c4e2320b4f5852c18ded92c92021cfbc47d5bf8146b1a93ffa58260c7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 2:32 p.m.15 views

Malicious code in ecto-nightly-spirit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...

5.4AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:44 a.m.13 views

Malicious code in react-photo-views (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a47353c6255d7edb625c7ea890545e106900caeae477f0ebff432ae39c53e5 Package name 'react-photo-views' plural impersonates the popular 'react-photo-view' singular component — README badges, downloads URLs, and...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/09 2:17 p.m.11 views

MAL-2026-5371 Malicious code in @doaction/example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e2df92bb520aefba5bcfa6e3e88b4cbd7da3ea27b121380c17615bcfbab1ade @doaction/[email protected] is a scoped npm package whose package.json self-describes as 'Example package with Datadog environment telemetry for...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/09 2:17 p.m.15 views

MAL-2026-5369 Malicious code in @doaction/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a625267416db212dbcffcba51a6ac48bd779ccd3760b7ef8f59e6b4905df44e5 package.json declares "preinstall": "node scripts/postinstall.js", which requires '@doaction/shared/bin/postinstall.js'. The package's stated purpose...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/01 12:0 a.m.23 views

MAL-2026-5111 Malicious code in @redhat-cloud-services/chrome (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:2 p.m.16 views

Malicious code in foundry-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/14 3:48 p.m.7 views

MAL-2026-3739 Malicious code in viem-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3d1feda8a13ce43d926de9052753f882f9f51f8afa6572c92bb4a5d3ca9412e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/12 12:20 a.m.12 views

MAL-2026-3443 Malicious code in @squawk/flight-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0595c498e25ed96bb0a13cf8ce777df0977f4c1580aadfddfcb0eaf1ae3d7915 The package @squawk/flight-math was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/04 1:43 a.m.9 views

MAL-2026-3275 Malicious code in @kills_sh/bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e7f5c26dc70e3f5d44e3fc5b4b94fba66089cf8d0d718fc48c4f85aada6f830 The package @killssh/bootstrap was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/01 10:25 a.m.5 views

MAL-2026-3209 Malicious code in apple-internal-security-library-v99 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f44267d5128f9ac2c62938b60bfa45264207a0010c41c97082c72246a3a7a248 The package apple-internal-security-library-v99 was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/14 11:52 a.m.6 views

MAL-2026-2656 Malicious code in tailwind-stylecss-typography (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f774188361889c2e95f246317a2fece3219b9d9952ff3645e4d108bc525c5 The package tailwind-stylecss-typography was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Rows per page
Query Builder