Lucene search
K

97 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 2:32 p.m.10 views

Malicious code in sea-bound-siren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...

5.4AI score
Exploits0References24
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:3 p.m.14 views

Malicious code in tailwind-smooth-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 8:33 a.m.8 views

MAL-2026-4196 Malicious code in pinno-loggers (npm)

pinno-loggers is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/03/25 12:35 a.m.6 views

MAL-2026-2156 Malicious code in tailwind-animationbasis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 613bfa904c0195c7d59209123554b2be83ed4a0568c174e8b221e22725fec103 The package tailwind-animationbasis was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 4:8 a.m.9 views

Malicious code in ethglobal-finale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bdc506129e3fb599d1bb0f5c3a369199b3f58ecda5d8c869d47f25847da6ad The package ethglobal-finale was found to contain malicious code. Source: ghsa-malware 051d643dd2d78f5cfda5a7945e560297dae2d0d8abe72d2b1725846b34951f...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/01/21 4:28 a.m.6 views

MAL-2026-379 Malicious code in @joaoxxx/internallib-v325 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f9c573db1b523cb0082a05f37710f4084f5ed28324fbe23186a7ebf9a0a082d The package @joaoxxx/internallib-v325 was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in leda-pegasus-magnetosphere-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 320e44886a156614cb8756afb54e4075fc58ed6bebbdd91f2cfd702bf93dd0d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.2 views

MAL-2025-186359 Malicious code in cosmos-coronalmassejection-remark-arcturus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 208a74d2761cf9eb60cec0d3b5d1fc4781bf4aa0d64bb47e029d69cc94828006 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-187169 Malicious code in geomorphology-fermion-aquarius-oscillation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a5dd8df67636856b60e86272fa741e198eaece85c5f95e6c79aa5e1235b8541 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-190274 Malicious code in webdriver-mocha-nightwatch-cosmiconfig-despina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de3cfc3b8c341c20b4e8af0757b87d8eb021f0af5c7c338267d8024659a8cd03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.3 views

Malicious code in inda-fodja-g (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d497107c4e4a0ed32d4bc6fee44d2ada243a1951810350f8dbf2f7faf2f285b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.2 views

Malicious code in mahnu-oy-gistsi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 580c2a19d202109998de5c16fd76146b3dd4f2bc3d42ecdeaf88ab9cbae66e93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.3 views

Malicious code in inda-fodja-gugoa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2381618fb04382cb6b6ac8f5c237372ed847fc0bb1b5fd82466d27c28637d739 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 8:46 p.m.3 views

Malicious code in anais-papmoa-ymiaogia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7976a7fcd6198cb3c4446ea7455bff5bc8568d8bca6b434536f2c6fd3a60a1f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 8:46 p.m.3 views

MAL-2025-180619 Malicious code in teate-thy-sonic-kuga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8f7f9d7d5596bb0f44dcb9d744b03137db01120e4b14103e782f7436119f881 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.5 views

Malicious code in hunim-satmf-anujafai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de0d5caebf6adae65dfe63111d6274a234f00e897ff6ff7f7b2460c5651d771b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.3 views

Malicious code in sumpel-poke25 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 440486628efcb099562dee61bde40f559f662d012ed61572abbcc25503ed16cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.5 views

Malicious code in nuragi-sutu-gaaog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3458ac9421392a568a4fb33c9151f595bf0352c24f70e36e53dd1b098eceddc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 7:18 p.m.4 views

MAL-2025-176911 Malicious code in nuragi-sutu-gaviaog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e6ac6b4b76c922d3a426364e1242b22ba7191fca8b3a077a20457f318debab7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 7:18 p.m.3 views

MAL-2025-175810 Malicious code in kupaio-ulokia- (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8812e28fa4c2f11eeb75cba960cf3eb2fe74a44780ba4e5552a376d54ec0b87b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder