Lucene search
K

1553 matches found

OSV
OSV
added 2026/05/25 12:0 p.m.16 views

MAL-2026-4347 Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 1:0 p.m.11 views

MAL-2026-4603 Malicious code in lynx-keeper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc28f02ae68bf5a1a57af8662180d7a8a040e6f32ad87abde9acdae508070189 On require, dist/index.js executes a hex-obfuscated harvester that reads /.aws/credentials, /.aws/config, /.ssh/idrsa, /.ssh/ided25519, /.ssh/config,...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.7 views

MAL-2026-4157 Malicious code in uri-parse (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in encrypt-meta-authenticate-log-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b652ac77988fd5095d31173051f104a9282bb6428032f99261ebbee04f6289 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in iota-centaurus-blackhole-cosmicray (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe9edd2d1e8b436561ebe0f717ae927f48886e57234216c51efa7ee60e1199be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in polaris-backend-rollup-asthenosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c75e945aecd446f0bba0ce1b9c53ec6e16c4e3159cd012093ef624baa26afa93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in buffer-aldebaran-norma-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31792aa342017830dbe9af17d27809aea53e779e60fc233245daddf3fb3f607d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in repository-reveal-md-multiverse-quasar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de52f7052500891977e9b92278627f7cabde231989ddf59ee96489c8f19bf65a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in archaeogenetics-astrochemistry-quark-chakra-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9101bb249512831ae69aebab145195c2c777abc6fba8d572f58c08df4437898b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in miranda-biotechnology-xanadu-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 252ea35406402f4bad38396317c238088ec6afcbe8e5aa922bda36ae0b271afd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in impulse-holography-grunt-sequelize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c28c8183009a08a11188523afcf95bf4a90b317d6e72e29db3fb3800beef2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in prompts-jasmine-wolf-duplex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c4950e6676dcd08c2d832364db96e59567d89ab3b4af075fb7f3fc3b563b84a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-185796 Malicious code in betelgeuse-octans-aether-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238d025dab0ee39d02e7edfb16a051b43ebfac7d807344917f615cdf00cc72ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-189161 Malicious code in release-it-apollo-norma-vuepress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21720d221c3af640d8dc3cbd4404fd10878947a67b82f019946f024f4ca1bd45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-187144 Malicious code in gemini-sagitta-cordelia-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab8d2311414e1b1acf4dd1d565d5665bcd08dfdcacfc575f768244f7c9c7ca75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-187994 Malicious code in mesosphere-private-farout-boson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 982be16bee3a131de3f0ee0733c342b0c9531bb8820ee69c8d9cee3509fc71fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.6 views

MAL-2025-186790 Malicious code in epsilon-class-cluster-root-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 803cee7f39b9a2ab6058d1cd3ae867eab62842ca33d4e97cb5e92576816dc45e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in phenomic-resolvers-node-config-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e565c694b415096038d77c3ecf84a24cd71b41b9f9c5e458046f05fac551d916 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in nodemon-terser-webpack-plugin-private-mantle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e48a9fd6450f06e90ee5d9956c154c4f2502f33ea2ea4855e7091ec32a7172e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in lint-staged-gemini-aquarius-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5fc40fa5df9bcceec113021575335b079fa5851a7bb404c582e9c8ace2a5b31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder