Lucene search
K

4 matches found

OSV
OSV
added 2026/06/11 1:57 a.m.11 views

MAL-2026-5541 Malicious code in @w2d/web-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8292b80f3e692b249561a14d94d2dfa0196f2377e7eee027b8dd630d251bd1 The package targets the @w2d scope with an artificially high version 2.999.999 — the canonical dependency-confusion shape designed to outrank an...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 2:15 p.m.17 views

Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 2:15 p.m.8 views

MAL-2026-4641 Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/17 5:33 a.m.5 views

Malicious code in @zyp3_/api-ecom-errors (npm)

The package contains code that makes a suspicious HTTP request to an OAST domain, suggesting data exfiltration or unauthorized tracking. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3906662b72961a45e2a5f250c4204f6ae4c310f177e6e8dfaa97db0a1566b188 Any computer tha...

7.1AI score
Exploits0References2
Rows per page
Query Builder