Lucene search
K

76 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.14 views

Malicious code in awaitly-mongo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f476f15bad689e2500c24cf2f416567759e5182689cc2cc301912ddfde02b1c4 No concrete installer-harm signals were identified in this package version. The package name suggests a MongoDB-related async helper, but no specific...

6.1AI score
Exploits0References27
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.15 views

Malicious code in mountly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a392e66eff4da37e5adbd5288c1bb8da03c5348cfafacfa54aa113321e81dec5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.17 views

Malicious code in autotel-drizzle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed16d2715633927ef05b9b370a8d37f95581137f46144053bcb53f94430f2f33 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.12 views

Malicious code in effect-analyzer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05b6ba1ec02dea0ff73e03c34e3fc37cf4982f156578e03e50909b4d1c8ccc47 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.15 views

Malicious code in github-archiver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4d8f3a21af0a31a899de9e8eabd09e30c6e05e620ab3a7d7af420c34214898b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.17 views

Malicious code in node-env-resolver-dotenvx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1935de81fae9e35f6c7373f982092558f30d269b205a6edf0d847fb86d0bf3b5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.10 views

MAL-2026-5253 Malicious code in executable-stories-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf8558677662bfcde2a5014a6ab8947b18228abb9415a5e41a964bcf5f5dd985 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.15 views

MAL-2026-5199 Malicious code in @ethlete/contentful (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a13fdab1eac9b66fa0d57b62cbd19dfb84616946491165e61b6fd62692441ca The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.15 views

Malicious code in executable-stories-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 763be018d834c8776be31ab5121b48eaf1172a0b48b933bc6b792484d2ac742a The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.12 views

MAL-2026-5241 Malicious code in create-wrangler-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3bd71e3d5a93887188f34c9434d24b09d1108a2471ab437d6e78ae216162b05 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/05 12:53 a.m.14 views

MAL-2026-5211 Malicious code in autotel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 921a045507925f9accff44927ec74588991f03dd291a3ae95cdc9919523ed800 Pattern matches fired on co-occurrence of the strings 'ping', 'POST', and 'hostname' in the package's bundled and source files dist/chunk-.cjs,...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.13 views

MAL-2026-5261 Malicious code in mountly-tailwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e398eaa72f57a4536d3bb3c64f27de01f4a1d91cf64c65f10b8949dcfb4cfb91 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/03/21 8:25 a.m.8 views

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/01 12:47 p.m.18 views

⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest...

9.8CVSS10AI score0.99962EPSS
Exploits26
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 12:16 a.m.5 views

Malicious code in @voiceflow/google-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dcda26e47493687c0d0abbbc7547b7f3c0e98ae3637f723272bcc4f20152b68 The package @voiceflow/google-types was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
Rows per page
Query Builder