109 matches found
Malicious code in asuuuuu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 40d2219a3e70e5af240f63d41ab082cad543b84acf2abd045011db292bc69654 The OpenSSF Package Analysis project identified 'asuuuuu' @ 3.1.3 npm as malicious. It is considered malicious because: - The package communicat...
Malicious code in graph-studio-billing-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afd4325b249b7dfad124c21ffe39f85d2e38f1b6c2d31361f81e821adb8365ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in codeql-extractor-iac-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3f77f847f2c7d09571ef2516734c1d483d434e0980f32c21967900b8d28dd4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in viewercontext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d130e5ac790b05038b23ecd7f937fd9b35a2ddc5696e069991b3f620e23c308 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in seller-listing-rn-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e23cba6309c9c7f574fea48f93b903b4f5f0034336458aa526547e06464dc2c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in careers-job-detail (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16052b4d2e03953110406185695adc84ab3af8481eb5790e4b4c0f1421bc1b9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in language-matlab (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c3bff0146045d9130d2bb2523e15b9f1e582a33f6ba1e2a33524ffe5bb05732 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in easydicts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9206e6e8b697ab23f82a17cb169a867896f4f8469351b31cbb31f41bee662cee A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in usss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 252cdf6830dae64423e603510c0465768ef7d1134896697f352a8949c12d5c2c A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in @toloka-tb/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c655dc69b310808896f252e5607b9dd8c4bd54b9d139caa655f5816f2269abd4 The OpenSSF Package Analysis project identified '@toloka-tb/core' @ 2.5.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sc-meta-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e8afeccfd77a3b36e9c24aa1057807ba8f2a18972791b3cbc857e3d961e60d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dx-hotels-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 757cbf55b30ccb4cbbf7c26afbc8eb1493280155f0ae8578700044d07a611f5c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mhnumjp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 371f7362253fbbd65f7a86aac45e8363e35760789892d19b77a4a09ee4d76ecf The OpenSSF Package Analysis project identified 'mhnumjp' @ 1.999.1 npm as malicious. It is considered malicious because: - The package...
Malicious code in ent-file-upload-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e476e9a95e121c935215443a2069d17764649684cdf226b5d429ea50a9c8c422 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sap-at (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis af773cc64d0bc11506f1b43171d7266fb59e5a34603003653cbcc43f1ad02ffd The OpenSSF Package Analysis project identified 'sap-at' @ 0.0.0 npm as malicious. It is considered malicious because: - The package communicate...
Malicious code in aws-logs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4707229414d50f1284c7a7b64169463a7c7ca779faf42df6b059947dfd1b79eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ing-caf/cdn-proxy-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 24ccbe0b13f81d2fe8d285bab144167d33f7b4e167833ebf615411db6d318eb6 The OpenSSF Package Analysis project identified '@ing-caf/cdn-proxy-plugin' @ 200.0.2 npm as malicious. It is considered malicious because: - Th...
Malicious code in commitlint-config-ifood (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 82ce80367972231229038d234d1114c39f459b1c4bfe4a03392a3cfa35d4454b The OpenSSF Package Analysis project identified 'commitlint-config-ifood' @ 1.95.102 npm as malicious. It is considered malicious because: - The...
Malicious code in wdpr-device-detection (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0e68ddd57d0cced6084c7770f4e48230e223d896f927b8952e4cf5d05caa721f The OpenSSF Package Analysis project identified 'wdpr-device-detection' @ 24.7.16 npm as malicious. It is considered malicious because: - The...
Malicious code in richcolor (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 50d5904bd379a75fd43115d7339df3d79f87ec691026774160b15b8632a9f8ae Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...