Lucene search
K

122456 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 10 hours ago4 views

Malicious code in akshajrawat.utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 10 hours ago4 views

Malicious code in micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...

6.1AI score
Exploits0References3
OSV
OSV
added 10 hours ago2 views

MAL-2026-10564 Malicious code in micro-ui-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be44655a47177f3740201ddb9dc66db080b9f665354c78bcebeb9a2da3b11b7f On npm install, the package's postinstall script postinstall.js reads os.hostname and sends it as a query parameter in a plain-HTTP GET to a hardcode...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 12 hours ago3 views

Malicious code in @amedit/vercel-builder-probe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe0b29ddff65cbd65167ea905c448d928fc6da661d69df415993635bf1bd3bc When wired in as a @vercel/build-utils Builder and the exported build runs in a Vercel deployment pipeline, index.js reads the installer's...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 13 hours ago7 views

Malicious code in @flcik/flick.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31c087b34f156cf2b5ae7070222a57e2d760d68f9c4c73721c2800eb7b6bf62 @flcik/[email protected] replicates the discord.js public API surface FlickClient, GatewayIntentBits, SlashCommandBuilder, ButtonStyle, MessageFlags, th...

6.1AI score
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in nodemon-delog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea1c5b4054d6daffaf190005db661027e29255ae20de1bb410f506de1f178532 nodemon-delog is published under a name that resembles the widely-used nodemon package and ships a verbatim copy of nodemon's source tree, README,...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday4 views

MAL-2026-10474 Malicious code in @dervix/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118dd8f5224b1dcccddf25d74c6c9fe3543b444173ea293dafa28154e82689d5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in @gleamkit/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 008464ca4d7ba15b4b8c6d3a979586c61bd527aef3a209571d28c0ba912403ae The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSV
OSV
added yesterday3 views

MAL-2026-10477 Malicious code in @gleamkit/socket.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d6a306142d74b2781d66322adf2bc1b9898bfdb8e1814d2cb511c3e49b75c13 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSV
OSV
added yesterday1 views

MAL-2026-10448 Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
OSV
OSV
added yesterday2 views

MAL-2026-10430 Malicious code in prettier-plugin-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4c522699877c1eca1bb9c838a443e3c4bfa21950cf5c5b1d23182ae91a534e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday6 views

ROOT-APP-NPM-CVE-2026-44789 CVE-2026-44789 in @rootio/n8n - Patched by Root

Root has patched CVE-2026-44789 in the @rootio/n8n package for Root:npm. Multiple fixed versions available...

9.9CVSS6AI score0.00632EPSS
Exploits1
OSV
OSV
added yesterday3 views

ROOT-APP-NPM-CVE-2026-32630 CVE-2026-32630 in @rootio/file-type - Patched by Root

Root has patched CVE-2026-32630 in the @rootio/file-type package for Root:npm. Multiple fixed versions available...

5.3CVSS5.9AI score0.00299EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in another-poc-by-tipsen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1bd73ac39644da27df81fcbc6540647d0f13d77419a07997a8ca0a2baa6164e package.json declares a dependency safe-chain-test sourced from a tarball URL on an anonymous Cloudflare tunnel host...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden226 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a4986d9e75be69083a7905e5ef5e4558e17fe8b9f15777a9cd692c882b9d6b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden227 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 424eb4c5daef762a3d9dd8a50b397d64812466368d7b044d4f65679e02659d83 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec482cba13f20090fc306d9a8c732ec4edbc8bb9326324f7dedfb544ad0d9a11 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in abuden229 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 348ad89821b1ea36a325bc8f2e570b3a74e3a6238381106746bc31146c743fec The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added yesterday2 views

MAL-2026-10386 Malicious code in testdonotredeemit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in nottuff1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5133eecd8c40ac8e4617b364ea9710a03f88e60f8e2d1252a8ee539282da29e1 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
Rows per page
Query Builder