9 matches found

OSSF Malicious Packages
added 2026/06/22 12:0 p.m., 7 views

Malicious code in @petitcode/eb-retry (npm)

@petitcode/eb-retry malicious version 1.3.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

AI score: 6
Exploits: 0, References: 6
OSSF Malicious Packages
added 2026/06/19 3:0 p.m., 8 views

Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...

AI score: 5.9
Exploits: 0, References: 2
OSV
added 2026/06/19 3:0 p.m., 7 views

MAL-2026-6218 Malicious code in chai-as-attested (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e27467366a90f482eb47476458b1f74d5a41ac63371572e527f2e60e4e0b51 Package impersonates a pino-style logger exports module.exports.pino, ships pino-like DEFAULTLEVELS, keywords fast/logger/stream/json but the exporte...

AI score: 5.9
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/16 10:20 p.m., 7 views

Malicious code in ssr-auth-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe43338279cb894ffacc18ef9ec757d4b4fa8b603672b0bedcb4c00d9f8a806 On require'ssr-auth-sync', index.js loads lib/writer.js, which immediately fetches a base64-hidden URL https://www.jsonkeeper.com/b/PJNZP, an anonymo...

AI score: 5.8
Exploits: 0, References: 2
OSV
added 2026/06/13 3:4 a.m., 14 views

MAL-2026-5728 Malicious code in vite-config-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1f9ee389e1023034a78a4c268db5d48e016565f37b7fb6c514bf095b2dec552 On require/import of the package, the entrypoint chain src/index.js → core/createConfig.js → features/plugins.js side-effect-imports...

AI score: 6.2
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/12 7:43 p.m., 13 views

Malicious code in vite-plugin-compress-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f7b2710441863a429a2a1833e06f54e9afc23c87d1b40d7ee09e1995c6a65c2 On module load, this Vite plugin performs an HTTP GET to https://www.jsonkeeper.com/b/XVHGD an anonymous, mutable paste host and passes the response'...

AI score: 6
Exploits: 0, References: 3
OSV
added 2026/06/12 7:43 p.m., 10 views

MAL-2026-5713 Malicious code in vite-plugin-compress-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f7b2710441863a429a2a1833e06f54e9afc23c87d1b40d7ee09e1995c6a65c2 On module load, this Vite plugin performs an HTTP GET to https://www.jsonkeeper.com/b/XVHGD an anonymous, mutable paste host and passes the response'...

AI score: 6
Exploits: 0, References: 3
OSV
added 2026/03/27 6:22 p.m., 5 views

GHSA-XJPJ-3MR7-GCPF Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...

CVSS: 8.2, AI score: 6, EPSS: 0.00291
Exploits: 1, References: 5
OSV
added 2023/05/29 12:15 a.m., 10 views

CVE-2023-31874

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process')...

CVSS: 8.8, AI score: 6, EPSS: 0.04898
Exploits: 3, References: 1