Lucene search
K

13 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.12 views

Malicious code in leo-auth (npm)

The leo-auth npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.13 views

Malicious code in autotel-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7ed70ee4bddaee59149fdb7664c71d6efcc8c74cbd82bb652ed593b8d6a457d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.12 views

MAL-2026-5258 Malicious code in executable-stories-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5222 Malicious code in autotel-hono (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c68b32ae5e05f59d29919bad0bfae6bef90d3723f77b4a64cc86d6e3a39284c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.19 views

MAL-2026-5219 Malicious code in autotel-drizzle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 296ec225ea5d6328333ec1641f1562f475b1ed521a003427b581aa288cc735b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/01 12:0 a.m.12 views

MAL-2026-5133 Malicious code in @redhat-cloud-services/compliance-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
Snyk
Snyk
added 2026/05/18 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2025/11/25 12:16 a.m.4 views

MAL-2025-191361 Malicious code in @voiceflow/nestjs-timeout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13d9067ab95136128bf92e8d28b434d340ae4fd7cd2c8e06f3378c71c3f6f2b1 The package @voiceflow/nestjs-timeout was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References10
OSV
OSV
added 2025/11/24 11:26 p.m.3 views

MAL-2025-191314 Malicious code in @silgi/graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a0404f9aa498b1721d9dfffbbd0f41cb66d195675fa5a3b9e71fec42153b0e9 The package @silgi/graphql was found to contain malicious code. Source: ghsa-malware 131ca7201ac4ce3abb97a2f5940ad11186f384fb0190ddcaf14d36be20ea0d95...

6.8AI score
Exploits0References4
OSV
OSV
added 2025/11/24 4:31 p.m.4 views

MAL-2025-190923 Malicious code in mcp-use (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e38bd6291f6f6d66e34397d1b1495513a53528efac94b63487a1646eb7aa45af The package mcp-use was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
OSV
OSV
added 2025/11/24 2:1 p.m.3 views

MAL-2025-190780 Malicious code in redux-router-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3336c78dffab3cf95e60180dad5e67109d7de3e5dbfc888d10874c466a4088c The package redux-router-kit was found to contain malicious code. Source: ghsa-malware 6714063bc703d6750a4f6a6eedaa083372d15b7b9fa6eef3c58492ac74792b...

6.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/16 5:5 p.m.6 views

Malicious code in @nexe/config-manager (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22a78a7d10a59f7a2928448f3166f83de5443650d498bd687751f36688e87c5d Any computer that has this package installed or running should be considered fully compromised. All...

7.1AI score
Exploits0References6
OSV
OSV
added 2025/09/16 7:44 a.m.3 views

MAL-2025-47235 Malicious code in @crowdstrike/glide-core (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c50fb4842e12feb703463f76e42b30788a613940789be0e353b396b7de4cba8 Any computer that has this package installed or running should be considered fully compromised. All...

7.1AI score
Exploits0References7
Rows per page
Query Builder