Lucene search
K

60 matches found

OSV
OSV
added 2026/06/23 7:33 p.m.4 views

MAL-2026-6337 Malicious code in hunsterx-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32f2430d6e0da9484283d0012a16df0c593ccb5fa2a56ea727bd19ba435f964f preinstall.js executes a chain of evalBuffer.from'','base64'.toString payloads at npm install time. The decoded payloads collect host identity...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:12 p.m.10 views

Malicious code in @databus-service-ui/scroll-up-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02414b019347c91f59a506d88dffc19306c7c287936df0d42327ad6b32eb0bf2 scripts/postinstall.js performs two independent attacker-benefit actions when npm install runs. First, it scrapes installer-side secrets — environmen...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:9 p.m.11 views

Malicious code in @service-user-notifications/set_notifications_not_removable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a890f1cd8313de802c1425ca5603b7d1fabaf84cb1e47b582a4633dae34ccf14 On npm install, scripts/postinstall.js fetches a platform-specific binary from https://oob.moika.tech/payload/linux|mac|win, writes it to a hidden te...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/05/25 3:39 p.m.9 views

MAL-2026-4420 Malicious code in @polka-ui/loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f93cf8dde7e6a1252424fc82f38e8502a37d9e427d92d412fd8944c91b8ee5a4 On npm install, scripts/postinstall.js downloads a per-OS payload from https://oob.moika.tech/payload/linux|mac|win, writes it to /tmp/.polka-uiinit....

5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/29 12:0 p.m.5 views

MAL-2026-3180 Malicious code in nicegui (npm)

Malicious npm package published by threat actor "ryanmccollum1" typosquatting the popular Python NiceGUI framework. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 8:0 a.m.7 views

Malicious code in apple-coredata-internal-service (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 6:20 a.m.7 views

Malicious code in renovate-config-doctolib (npm)

Malicious package due to data exfiltration via preinstall script, reading .npmrc, and sending data to a remote server. Few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afc7e33b7c6ea9379f973a56f94e3b8ed59f0bc746733efa7dadba31141d0cd9 The...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/17 6:20 a.m.7 views

MAL-2026-2830 Malicious code in renovate-config-doctolib (npm)

Malicious package due to data exfiltration via preinstall script, reading .npmrc, and sending data to a remote server. Few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afc7e33b7c6ea9379f973a56f94e3b8ed59f0bc746733efa7dadba31141d0cd9 The...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/04/10 4:3 p.m.2 views

EUVD-2026-21436

OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can...

8.4CVSS6.4AI score0.00136EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.1 views

CVE-2026-35641 OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installation

OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can...

8.4CVSS6.4AI score0.00136EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from arbitrary code execution vulnerabilities during the installation of local plugins and hooks. Attackers...

8.4CVSS6.5AI score0.00136EPSS
Exploits1References2
OSV
OSV
added 2026/03/30 6:52 p.m.1 views

GHSA-M3MH-3MPG-37HW OpenClaw has an Arbitrary Malicious Code Execution Vulnerability

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. Details Please note that the source code...

8.6CVSS6.4AI score0.00136EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/30 6:52 p.m.12 views

OpenClaw has an Arbitrary Malicious Code Execution Vulnerability

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. Details Please note that the source code...

8.4CVSS6.4AI score0.00136EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview monorepo-cop is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview dazaar-cli is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview prefer-let is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.4 views

Malicious Package

Overview peer-deps-external is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.4 views

Malicious Package

Overview styled-components-a11y is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior T...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.1 views

Malicious Package

Overview transform-jscript is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.3 views

Malicious Package

Overview modules-umd-systemjs is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder