Lucene search
K

24 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 9:0 a.m.12 views

Malicious code in chai-mocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e65359853241724a1b519599469dadfcd2b32674455db9fe5284cb7553a5ddf4 The package masquerades as a pino-style logger middleware but is a remote code loader. When the exported middleware is invoked, index.js spawns a...

6.5AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 8:33 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-186399 Malicious code in cryovolcano-grus-ini-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0a229347ff016f9d70393ed03e8a4a921a6e4c86a3a5603209a0d4bd75855e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-180191

Malicious code in await-figures-nodemon-genomics npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-186460 Malicious code in dactyl-loopback-axios-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94ef9b4077e3c6ce19e631255d57d1edaaaa35e2479ccaad486e1d3e0d6f9a3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.2 views

Malicious code in relay-mocha-mutation-rate-limiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aba86765ad1d4909a393eb1d62de286cacd7f00f07a84862e0f6f275d9553d71 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 8:11 p.m.1 views

MAL-2025-122106 Malicious code in nina-lodeh26-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d91ac7d8f601a954d51857765df85b2d2c21c780eb3d5ac4704e634a2d7b6ea6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/11 3:19 p.m.2 views

EUVD-2025-90467

Malicious code in legislativeheronz3n npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 5:50 a.m.3 views

Malicious code in nana-getas99-pore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f561ccf72a61cd0f3708b2c06d2daf8fa83f41d45f5fc465a112fce95df8a0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 5:18 a.m.5 views

EUVD-2025-65367

Malicious code in alerttortoisez3n npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/11 3:48 a.m.2 views

MAL-2025-76731 Malicious code in ade-rangi26-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a337d18d322b9604e6de3e21dd8c0b12c3729c977262a58cc1b01caa6b38046e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:41 a.m.5 views

Malicious code in lucky-plum-pike (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83a12967ce28e73b2de6a84a8cfdc72a4df4dfdea4c4323be4a643a18c42ead7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 12:41 a.m.5 views

EUVD-2025-52738

Malicious code in pleased-tan-cat npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/10 6:2 p.m.4 views

MAL-2025-60347 Malicious code in efficient_python_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4248efc5435828bb9d4c4742a78542edcbdc00940263135331e467cc5c64d378 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/09/15 11:53 p.m.3 views

MAL-2025-47200 Malicious code in ngx-trend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4ce4552eafe30b0ec3dfa40fc39012f7f3b56ffa76ec7c9304ef75681921318 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in @zalastax/nolb-passport-u (npm)

The package @zalastax/nolb-passport-u was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/14 1:28 p.m.6 views

Malicious code in ngf-attachments-list (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

6.9AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/06/17 7:9 p.m.5 views

7ghost (>=4.11.25 <=4.11.46), @100mslive/hms-excalidraw (>=0.1.3 <=0.1.14) +1242 more potentially affected by CVE-2024-37890 via ws (>=6.0.0 <=6.2.2)

ws NPM version =6.0.0, =4.11.25, =0.1.3, =0.0.1-bate.30, =0.0.1, =0.0.1, =7.0.0, =0.1.0, =4.4.0, =4.2.2, =2.9.0, =0.0.1-alpha.95, =1.0.0, =1.2.0, =1.6.2 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...

7.5CVSS6.8AI score0.01357EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:14 p.m.3 views

Malicious code in free-fortnite-skins-avicu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66ea6e86784f4ba64d171619a1c37800732e9659932d3f2be1a7275235ded8f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder