Lucene search
K

4483 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden217 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42fce03517a0e7a241f99d0ce806a5bb90a4f70b083a2997c80868f3bc37d4b4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden226 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a4986d9e75be69083a7905e5ef5e4558e17fe8b9f15777a9cd692c882b9d6b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in abuden26 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 440fa1b32d35cf2c41253e2fd1f63095ea65ac7733fa48edc9abef43877659c7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27752f42df81ff26081065ce5bf64d59fa477dfbed72d1afbd359bffd3ab52df The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ratelimitsucks2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d35482838ac389f7af960c113776867c9c5a83b1995ad7ece20fd26b71918ce The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e63dd12f3157bb49fe3951bfb356c83b4b7349eed5947af87b09c40c868382 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in backup3-ff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a32646e3ad3e35186f8344c19ccdecfd69c26e8047fc44b77c0516b644fd094 The npm package [email protected] ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote...

6.5AI score
Exploits0References2
OSV
OSV
added last week5 views

MAL-2026-6940 Malicious code in rnx-align-deps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fd85779926afc494fd03f154fa151e30ee831b5aa8f260e01b29ee8f7a676d5 No a static rule matches and no behavioral findings were produced for this package version. There is no evidence of credential access, network...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:58 p.m.7 views

Malicious code in stacknova (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4eea780e4546d725f38c35c635625e60354e7f48a79c1fcbe76f87e2498d9ce4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:58 p.m.3 views

MAL-2026-6887 Malicious code in tailwind-scroller (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57d21e3f2b10a543d5deb6a3999b78e5414b55ad958ff7811d802cb42386fc8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.7 views

Malicious code in log-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f55c4d43e953e16c7d0325948c789e0fdf1acefaca4b47ceabf199a5288e6f82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:53 p.m.3 views

MAL-2026-6837 Malicious code in eth-tick (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96638eb8282b1eccbe4d7c1b1076340ac1b870d325856e2ad5415c2bf2737eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:50 p.m.10 views

Malicious code in big256-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f547bc04e09d0a4a99ac1e49992abd3dc35c02ad1bd963e8d0d07fd0e11464 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.9 views

Malicious code in pinokio-redis (npm)

pinokio-redis is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.9 views

Malicious code in zredis-typed (npm)

zredis-typed is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 4:6 p.m.14 views

Malicious code in web-api-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ca2f8dce9e845346901818eadd06a0cda318c99ac3e059cd076d9f4065e2c17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 3:37 p.m.11 views

Malicious code in @jacobtan/decode-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/03 3:37 p.m.8 views

MAL-2026-6738 Malicious code in @jacobtan/decode-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a99e8b0d7812c216410fc0ff557698f61a595d4ded8579c18fab63ab3ac8b924 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 2:0 p.m.7 views

Malicious code in authmatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58eb7642f8d7e2fb2e898277c6961d2538f40766777a679020f4872b29925806 The package is published as 'authmatrix' with a description suggesting basic auth functionality, but its lib/ tree is a copy of the pino logger and i...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.8 views

Malicious code in poly-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5aab464aac47233efb564c52d5818fef783efa856f8318c61d61ef99ca0da4e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
Rows per page
Query Builder