Lucene search
K

2974 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in abuden2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fc679091d0bd079249822993efce7f3ed4ef7d032c73f9aa730a6259f76cb6 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in nottuff24 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98d91c65c2ae847d5e741575bbc60ac69c0d2aca4973888c6ce2fc85daac3e30 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/07/06 6:53 p.m.5 views

MAL-2026-6848 Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 2:10 p.m.6 views

Malicious code in rs-biginteger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.6 views

Malicious code in two-factor-prompt-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ebb96758f051c0a5a1c8fe97fb05c898f2489f4567fb64fbd271eb103dcadc Package self-identifies as a dependency-confusion proof-of-concept aimed at an internal/private package name. The postinstall script postinstall.js...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/23 9:53 p.m.6 views

MAL-2026-6357 Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/17 3:12 a.m.10 views

MAL-2026-5949 Malicious code in @mastra/fastify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ba29e7c4e2320b4f5852c18ded92c92021cfbc47d5bf8146b1a93ffa58260c7 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 11:19 a.m.18 views

Malicious code in cookie-parser-legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53a673e0454bb102d4e8456e3c26290196c5ae5bf4cf9438ce78f8286fd5c3be Package name and README impersonate the well-known cookie-parser Express middleware. The source is a near-verbatim copy of cookie-parser, except the...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 7:55 a.m.12 views

Malicious code in ethereum-kit-1 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.17 views

Malicious code in @ethlete/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b70ddfa1fae6a08ce80a1c1f924e904dde1534eeb55d9fdcdfa9651a89b8e0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.15 views

Malicious code in autotel-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e39e600baede93e3a5b493d603c5fe392c561544c95611960149ac4e7b99f98 No concrete installer-harm evidence was identified for [email protected]. No lifecycle-script droppers, hardcoded exfiltration endpoints,...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.14 views

Malicious code in @ethlete/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8f99e5213b116197421a47e5d43675c1772592479e5646e6683f28ca5e77873 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.16 views

Malicious code in wrangler-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d2085fa4916157b99799df085aa11e3d29bdb9a47f5798c85375b1bfdf8bd7e Package name wrangler-deploy is close to Cloudflare's official wrangler CLI, which raises confusion-risk concerns for developers who may install it...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5240 Malicious code in create-cf-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d9884f6d63e063d1320b8d8efbfb8852f00bd3c18c87b03b445f6978897570 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.19 views

Malicious code in @ethlete/query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d3334de45d8864ad96963e00aa263c3c1b09678abe9317058965a2b6b026abd The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.10 views

MAL-2026-5255 Malicious code in executable-stories-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc974c5748dbf6c421d343ec3924e31bcc8a56a1202e59818e5282bc239a14f2 [email protected] ships a bundled HTTP server module dist/http.cjs and dist/http.js where pattern matchers flagged co-occurrence of...

5.7AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.24 views

MAL-2026-5243 Malicious code in dbmux (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e5a2711ddd8b917b94e7d441193f3cb4b13b5f58b8651c04ee2728119f9f049 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.7AI score
Exploits0References5
OSV
OSV
added 2026/06/05 12:53 a.m.12 views

MAL-2026-5247 Malicious code in eslint-plugin-executable-stories-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f57bad4c5897c34b725457a558ebfe9df86ff8092f5bfd36b1568d6dc5e84da8 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/01 9:9 a.m.12 views

MAL-2026-5109 Malicious code in shopifyto-cms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f0fb4ee5fa3c58016b3fa60c91ff3a9b5f30d82cbf65b239a096ef850ccb475 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/01 8:0 a.m.10 views

MAL-2026-5157 Malicious code in @tse-digital/core (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8AI score
Exploits0
Rows per page
Query Builder