Lucene search
K

7 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.14 views

Malicious code in autotel-eventcatalog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21a008fc4c3a9bff3d0c920364ff6e56ab62ff607408a040e7e959ad3cb461d9 No concrete installer-harm evidence was identified for this package version. No lifecycle-script droppers, credential reads, hardcoded exfiltration...

6AI score
Exploits0References8
OSV
OSV
added 2026/06/05 12:53 a.m.9 views

MAL-2026-5264 Malicious code in node-env-resolver-dotenvx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1935de81fae9e35f6c7373f982092558f30d269b205a6edf0d847fb86d0bf3b5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.12 views

MAL-2026-5218 Malicious code in autotel-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1bce8c001a8e85b493ccdd8af1e3e57f3578d1026e6d5d147374b0a68467313 autotel-devtools ships bundled CommonJS and ESM artifacts dist/cli.cjs, dist/cli.js, dist/index.cjs, dist/index.js, dist/server/index.cjs,...

6.2AI score
Exploits0References11
Snyk
Snyk
added 2025/11/24 4:24 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-187129 Malicious code in geckodriver-public-paleobotany-telesto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cd54efa4724d44aff0fe9aa5a62b9fc47072ffd0871a2d90ea2287aa4e62776 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.3 views

Malicious code in nabila-poke51 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9625f0915502bf4dbc760cf3aa2ae775d7d48a7d10aa2470883d6e02512c260a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 3:19 p.m.2 views

Malicious code in fajar-lengko49-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faaf09a8ce0f99ec842a15098a78aacf124ec8e76cf27eebcb1741e36e8dbb00 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder