Lucene search
K

136754 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in nonexistent-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9393b3fc67ac5c169de7089d2f5100b5cb49af4e2b747b46726660bebc2bf66a No a static rule matches and no traced behavioral findings were produced for this package version. Nothing in the analyzed artifacts indicates...

6.2AI score
Exploits0References2
OSV
OSV
added yesterday5 views

ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root

Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00278EPSS
Exploits0
OSV
OSV
added yesterday4 views

ROOT-APP-NPM-CVE-2026-35213 CVE-2026-35213 in @rootio/hapi__content - Patched by Root

Root has patched CVE-2026-35213 in the @rootio/hapicontent package for Root:npm. Multiple fixed versions available...

7.5CVSS5.7AI score0.00413EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in chai-spycore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb99516f251bbd13baae5273239a6a04acefea76ddf1a7b06f4b5a328339dae Package republishes the chai-spies Chai plugin source verbatim including original author header under the near-identical name chai-spycore...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in windrule-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...

6AI score
Exploits0References2
OSV
OSV
added 2 days ago4 views

MAL-2026-6850 Malicious code in logger-beauty (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29f894c613d7ea8f407e4515aca877e6f13b5bb8e72530ce8032a534336b5a25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2 days ago11 views

ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.2CVSS5.8AI score0.00661EPSS
Exploits1
OSV
OSV
added 2 days ago12 views

ROOT-APP-NPM-CVE-2026-44496 CVE-2026-44496 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44496 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.00645EPSS
Exploits1
OSV
OSV
added 2 days ago3 views

ROOT-APP-NPM-GHSA-VVJJ-XCJG-GR5G GHSA-vvjj-xcjg-gr5g in @rootio/nodemailer - Patched by Root

Root has patched GHSA-vvjj-xcjg-gr5g in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...

4.9CVSS5.8AI score
Exploits0
OSV
OSV
added 2 days ago7 views

ROOT-APP-NPM-CVE-2026-6734 CVE-2026-6734 in @rootio/undici - Patched by Root

Root has patched CVE-2026-6734 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

8.8CVSS6.4AI score0.00323EPSS
Exploits0
OSV
OSV
added 2 days ago14 views

ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00744EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in gen-ai-opt-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653831a01d3068b12688a9f6ae11926a1b1edde27f8f37a6c48f3f0dba99231 On npm install, postinstall.js executes automatically and collects installer host identifiers os.hostname, os.userInfo.username plus public IP/geo da...

5.9AI score
Exploits0References4
OSV
OSV
added 3 days ago3 views

MAL-2026-6761 Malicious code in gen-ai-opt-in (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 371ed0f5f59f881d5fa2a296e7e3d44833f1ae46129da09714cab2edadcf440a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 3 days ago3 views

MAL-2026-6792 Malicious code in wsh4-nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae8d49fb38a00054e408984deccb85f6486ffa7aa61c31ad01402413143168d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in debugcli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9ad8188112d91f0ea673971f4421ca96dc7943ba12d65c7339c1aa75c2226e The package name debugcli shadows the popular debug package, and index.js is a thin re-export module.exports = require'debug' so callers observe...

6.1AI score
Exploits0References7
OSV
OSV
added 5 days ago3 views

MAL-2026-6790 Malicious code in debugcli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b27bc49b2d8ef30848d427f7d6ec702eaed3b5bcc49f5fd4384183f228e2c50a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 5 days ago13 views

ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00263EPSS
Exploits0
OSV
OSV
added 6 days ago13 views

ROOT-APP-NPM-CVE-2026-42037 CVE-2026-42037 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42037 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.0024EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago5 views

Malicious code in @marketfront/designsystemdevtool (npm)

The @marketfront/designsystemdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...

6.2AI score
Exploits0References2
OSV
OSV
added 6 days ago3 views

MAL-2026-6777 Malicious code in @marketfront/errorcounter (npm)

The @marketfront/errorcounter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
Rows per page
Query Builder