Lucene search
K

1553 matches found

OSV
OSV
added 2026/05/25 12:0 p.m.16 views

MAL-2026-4347 Malicious code in @devcarron/clob (npm)

A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 1:0 p.m.11 views

MAL-2026-4603 Malicious code in lynx-keeper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc28f02ae68bf5a1a57af8662180d7a8a040e6f32ad87abde9acdae508070189 On require, dist/index.js executes a hex-obfuscated harvester that reads /.aws/credentials, /.aws/config, /.ssh/idrsa, /.ssh/ided25519, /.ssh/config,...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.7 views

MAL-2026-4157 Malicious code in uri-parse (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in iota-centaurus-blackhole-cosmicray (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe9edd2d1e8b436561ebe0f717ae927f48886e57234216c51efa7ee60e1199be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in polaris-backend-rollup-asthenosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c75e945aecd446f0bba0ce1b9c53ec6e16c4e3159cd012093ef624baa26afa93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in buffer-aldebaran-norma-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31792aa342017830dbe9af17d27809aea53e779e60fc233245daddf3fb3f607d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in repository-reveal-md-multiverse-quasar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de52f7052500891977e9b92278627f7cabde231989ddf59ee96489c8f19bf65a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in archaeogenetics-astrochemistry-quark-chakra-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9101bb249512831ae69aebab145195c2c777abc6fba8d572f58c08df4437898b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in miranda-biotechnology-xanadu-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 252ea35406402f4bad38396317c238088ec6afcbe8e5aa922bda36ae0b271afd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in impulse-holography-grunt-sequelize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c28c8183009a08a11188523afcf95bf4a90b317d6e72e29db3fb3800beef2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in prompts-jasmine-wolf-duplex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c4950e6676dcd08c2d832364db96e59567d89ab3b4af075fb7f3fc3b563b84a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in phenomic-resolvers-node-config-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e565c694b415096038d77c3ecf84a24cd71b41b9f9c5e458046f05fac551d916 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in nodemon-terser-webpack-plugin-private-mantle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e48a9fd6450f06e90ee5d9956c154c4f2502f33ea2ea4855e7091ec32a7172e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in lint-staged-gemini-aquarius-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5fc40fa5df9bcceec113021575335b079fa5851a7bb404c582e9c8ace2a5b31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in cladistics-crust-blitz-delphinus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c316f4e58246fa52759b2c006660c1ca9ee997f2706fb365c7d763fa3baf2b7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in mock-parse-earth-export-hot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f34794b0828e1a200e5572cca5b219a30310bc6f4495e2634c3ddd92840c50ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in command-leda-fetch-delphinus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5feb6e2ef6c9afe8aa0d51f1a5b382e86c7f05202802ce99f9d5296a1ce376d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in figures-materialize-markdown-pdf-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41294a6a54f63efb3d110086df70993ce7f964de9cd488774579c765e803cb38 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in encrypt-meta-authenticate-log-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b652ac77988fd5095d31173051f104a9282bb6428032f99261ebbee04f6289 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in capella-non-blocking-avior-jabbah (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 697d20fd458370f67b8e4b77a9c4544eac4e341d74074811134a95ee295055cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder