Lucene search
+L

896 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in nottuff20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45385ab2d7ac9fcd5f37a9faa2824beba492422d1783deef1b9b153eda2e25d2 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 4 days ago3 views

MAL-2026-10295 Malicious code in bismillahitidakimas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbdeeb9f66b286397502ebf5d67dacf17f4cc4f58917fa9d201d799bb99c3e2c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in ratelimitsucks3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a45b50938677bb4c4bcdeee48af3fd57a8204d48d6aff16a1351ae814491391 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in backupsitetuff10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8062677ad6aa536c8e4582df43db6251e78e0cd2a0e4c36348a997bc28b06d5b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in whatsadmaidk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 604f59cbac58a8e35ba82016c72efe0c02226eec9273e96ee9215dd72cbe0392 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago10 views

Malicious code in dotnet-runtime-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c10c75766303f8c3bf261487e341e537f103116026309006ab71d977aacdd235 The package's postinstall lifecycle script package.json line 7: "postinstall": "node install.js" runs install.js, which on Windows writes a PowerShel...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/10 4:5 p.m.11 views

Malicious code in eslint-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8908ac72050dded53e2e163c528a446b7a4fd7a37a4874e14f95b08265f043c4 The package presents itself as an ESLint-inside-Jest runner but the documented linkProject/lintFiles/createJestRunner API is not implemented. The...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/07/08 8:26 a.m.8 views

MAL-2026-6966 Malicious code in na-rony-test-karem (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd6a8602ce62a88124613cbe7eb85e19a1ae122a0ee98c71676fe4969359888f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 4:19 p.m.14 views

Malicious code in whs4_npm_test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68d797ee3c8111cffee8603aa24625cb71a7f958438e33207b33376b260acc59 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/07/07 3:13 p.m.7 views

MAL-2026-6923 Malicious code in notifier-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...

6.3AI score
Exploits0References5
OSV
OSV
added 2026/07/07 6:27 a.m.6 views

MAL-2026-6907 Malicious code in chai-spycore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb99516f251bbd13baae5273239a6a04acefea76ddf1a7b06f4b5a328339dae Package republishes the chai-spies Chai plugin source verbatim including original author header under the near-identical name chai-spycore...

6.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 7:0 p.m.9 views

Malicious code in wime-zle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3e5a49f13ac5ae3e92267b63357dc81d37b138ed5981949b12e51a09095e2b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.9 views

Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/07/06 6:53 p.m.6 views

MAL-2026-6848 Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...

6.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:2 p.m.8 views

Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7369fd2dd1ba9002d2c693ba08c553c7c6fef54dba372146c11f20b43607aa react-next-dom masquerades as a React/Next.js ecosystem package but ships a pino-like surface concealing a remote code loader. The main export is a...

6.7AI score
Exploits0References3
OSV
OSV
added 2026/06/30 2:10 p.m.6 views

MAL-2026-6675 Malicious code in rs-biginteger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...

6.4AI score
Exploits0References3
OSV
OSV
added 2026/06/29 4:53 p.m.6 views

MAL-2026-6632 Malicious code in @meego-progressive/cdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a7205f38cfc6908e42b221ffcaf5118f3ef9891d4b1cc7c0798411cc7b0b349 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:53 p.m.6 views

MAL-2026-6617 Malicious code in @e50/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10a4c9b9b6682e1c953dc27df1a9f353955b087e65f242c7d03a20f32341dc87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:44 p.m.7 views

MAL-2026-6669 Malicious code in pvd3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c992d4bd87c36aa389d168c263ca0b89c04b425b0483217ae1098a0c2f3ee10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 9:32 p.m.8 views

Malicious code in @kl-dolphin/jump (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b8f3b07b54ef6c2330673267757bff28f45494cbba5f6a71a78115a2a54f10b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
Rows per page
Query Builder