Lucene search
K

176 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in @dervix/socket.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c299d96dca6144eec3e8be8770c98430139e9b6b982762da448ef50b7bde06a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in abuden26 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 440fa1b32d35cf2c41253e2fd1f63095ea65ac7733fa48edc9abef43877659c7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.7 views

Malicious code in log-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f55c4d43e953e16c7d0325948c789e0fdf1acefaca4b47ceabf199a5288e6f82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:15 p.m.7 views

MAL-2026-6285 Malicious code in new-solt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5a46a9516de2c87a2d451b78ace7033fb9dffa9faa4216b84eb068136098cfa Package [email protected] contains index.js which imports childprocess and invokes execSync with bash and zsh shell strings around lines 315 and 331...

6.3AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 8:28 a.m.11 views

Malicious code in ts-esys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041ff0fd2b76f380705ef23061ebfe469477b2fbec8e025eab49a557431a551e The package is published as ts-esys but its package.json author, repository URL, funding metadata, and README are copied verbatim from MikeMcl/big.js...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/17 5:5 a.m.6 views

MAL-2026-5996 Malicious code in @mastra/agent-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ba6a41e7e43733a8334968ce740af8771208c66c7529d9f4319bd62e39601d @mastra/[email protected] declares a dependency on 'easy-day-js@^1.11.21' in package.json, but the package's own compiled code in dist/index.js nev...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:58 a.m.9 views

Malicious code in @mastra/deployer-netlify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fc319f7f95075b9eb23f3c1dbde016dd6f4a23add16bf96a3449149d316d571 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.9 views

MAL-2026-5939 Malicious code in @mastra/ai-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98257d70b56e46a3dcd690478b15c54fb55c270db969b777c0cb42bec21ace37 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:9 p.m.16 views

Malicious code in hardhat-evmchain (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f369bb56919b0bda50e063229cfaf0fd1b0481d62c6d5fbdf90eb6e5cd6ac6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:3 p.m.18 views

Malicious code in tailwind-smooth-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 12:22 a.m.12 views

Malicious code in @squawk/navaids (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb4f88ca950b4d0ba1fb9666f866d8c742a9b0aeeb2657fadae9ed5dcd30359c The package @squawk/navaids was found to contain malicious code. Source: ghsa-malware 62f878f444def0ffdccd14f64cba4ee46bf960745aefb09d0c0ee16ed5ded86...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 12:21 a.m.12 views

Malicious code in @tanstack/router-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44bca8f9294a1b6c949228c6741851305336a0b694ce00617c6fcd4b220c30a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 4:48 a.m.6 views

Malicious code in woltpickerapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6352ffe541b2fd35eb37ebb5dbdc78f1f57a51d31b36c6fcae39d21f97c594 The package woltpickerapp was found to contain malicious code. Source: ghsa-malware b0c8234f6a72b4da77be49eb19f15dc41dd1d94b6b8b9bc4bffd3ef9ddb4316b...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.9 views

Malicious code in vue-scoped-css (npm)

The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.6 views

Malicious code in lit-a11y (npm)

The package 'lit-a11y' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/03/05 4:0 p.m.7 views

MAL-2026-1253 Malicious code in pear-apps-utils-date (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65df5bee974b55dfd58d5816e480664604e9d8b3bf6a7c27c22b92aefeaca124 The package pear-apps-utils-date was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/02 2:21 a.m.11 views

Malicious code in mqttoken (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aca93be8c1540d3f53af3e84ab54ac100f00390a05d10931f80ca2941beeb39 The package mqttoken was found to contain malicious code. Source: ghsa-malware c91a888cf7be32a16813cf296ec094ba2d56bf4706c030246a92f686bac1ea2c Any...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/02/13 2:1 p.m.5 views

MAL-2026-883 Malicious code in ecosystem_ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4987a955f090814c8e125cdaca051b7d106fc4e853cc4e45bc253fbb444f8d94 The package ecosystemui was found to contain malicious code. Source: ghsa-malware 31a22a7e3ce76544adef6885be748f17910483d02a1f19395a520b918516ea63 An...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/13 1:50 p.m.11 views

Malicious code in console-style-pro0o0o0o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fe7407a5523ef7efe6bec615d9601fe978b9e5de59d19d7e8e2ff054c5e09e9 The package console-style-pro0o0o0o was found to contain malicious code. Source: ghsa-malware...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/02/05 1:7 a.m.6 views

MAL-2026-750 Malicious code in dspmobile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcd390d34dbfd7246c65b551f8b71dfaba4b78fa438e818cab41a0ea35716c21 The package dspmobile was found to contain malicious code. Source: ghsa-malware 73466b34e7f0da321f410baa9db15370fbf0563af429ef587315608e3507f2b6 Any...

5.5AI score
Exploits0References1
Rows per page
Query Builder