Lucene search
K

9 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 4:29 p.m.9 views

Malicious code in abuden22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6b2d1b9158b6a3652850cdee84fd448567fc6d8187e685ee0b85eb8d594f57 The tarball contains a static-site bundle index.html, obfuscated asset chunks, service worker sw.js, and the MercuryWorkshop/Scramjet web-proxy bundl...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/18 4:29 p.m.8 views

MAL-2026-6129 Malicious code in abuden22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6b2d1b9158b6a3652850cdee84fd448567fc6d8187e685ee0b85eb8d594f57 The tarball contains a static-site bundle index.html, obfuscated asset chunks, service worker sw.js, and the MercuryWorkshop/Scramjet web-proxy bundl...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 4:29 p.m.8 views

Malicious code in abuden218 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e1df12b592dc442d5266d4244831fd0b6ceb94c0960a26815f5fad3246b828 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/18 4:29 p.m.6 views

MAL-2026-6128 Malicious code in abuden218 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e1df12b592dc442d5266d4244831fd0b6ceb94c0960a26815f5fad3246b828 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/16 11:42 p.m.7 views

MAL-2026-5938 Malicious code in speed4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0766e347295e7a13e0604a89de30f662a24b690598f1e4b01edaac5400178347 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 11:42 p.m.12 views

Malicious code in speed4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0766e347295e7a13e0604a89de30f662a24b690598f1e4b01edaac5400178347 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:27 p.m.10 views

Malicious code in nottuff7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15a5e98054661d6eea29d8120457ffc7e00d7b516223a5fa6ec91355e9434652 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:27 p.m.10 views

Malicious code in nottuff4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4f105cfb08cd05b609d2fb92793d7f8cb61d42add7d39e2491e6ba791f550e1 Package ships a Scramjet-based web proxy sw.js service worker + bare-mux + WASM rewriter under assets/ plus a static 'Riverbend Tutoring' index.html...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:27 p.m.9 views

Malicious code in nottuff15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea629a411d1555cb4dbc80aa218539333aefce15e110ad0a5eaa16e4a58ab5f3 nottuff15 is one entry in a coordinated npm namespace-spam campaign. The tarball ships auto-publish.sh, a bash script that copies the package content...

6.1AI score
Exploits0References4
Rows per page
Query Builder