Lucene search
+L

4329 matches found

ossf
ossf
added yesterday4 views

Malicious code in vor8zakon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99924288481504c324c3f573ba7ba99ac4e1c7a7f22a940c94d81059b868fdfd Package advertises itself as 'A simple cryptographic library for JavaScript applications' but ships no crypto code and exports nothing. package.json...

6.1AI score
Exploits0References2
osv
osv
added 2 days ago6 views

MAL-2026-10659 Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
osv
osv
added 3 days ago4 views

MAL-2026-10595 Malicious code in nodemon-plint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c287effa0f498762ab73bfc0e4428b4d0afbc05435b1613459f9024d0b97927 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
ossf
ossf
added 3 days ago9 views

Malicious code in @flcik/flick.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31c087b34f156cf2b5ae7070222a57e2d760d68f9c4c73721c2800eb7b6bf62 @flcik/[email protected] replicates the discord.js public API surface FlickClient, GatewayIntentBits, SlashCommandBuilder, ButtonStyle, MessageFlags, th...

6.1AI score
Exploits0References10
ossf
ossf
added 4 days ago7 views

Malicious code in nodemon-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c506d75221403cde50b724defdd5c71441614ab87b54ff1ffa2a24af89678e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
osv
osv
added 4 days ago4 views

MAL-2026-10475 Malicious code in @dervix/socket.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c299d96dca6144eec3e8be8770c98430139e9b6b982762da448ef50b7bde06a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References8
osv
osv
added 4 days ago3 views

MAL-2026-10430 Malicious code in prettier-plugin-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e4c522699877c1eca1bb9c838a443e3c4bfa21950cf5c5b1d23182ae91a534e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
ossf
ossf
added 4 days ago7 views

Malicious code in tipsen-poc-again (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0977477bc81c656f52fb981657983580b411dda6d2c6766ba4d6a35fe4ae970 package.json declares its sole runtime dependency safe-chain-test as an HTTPS tarball URL pointing at a trycloudflare.com quick-tunnel host...

6.3AI score
Exploits0References2
ossf
ossf
added 4 days ago7 views

Malicious code in abuden223 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16b3eb424174fa150faf06029c6808e9bb0e7e235b73c0b9fc8a6fe33e32fa8b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 4 days ago6 views

Malicious code in ishowfeet13 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20bca534c9132e075eb12129f9986f32127805ef4e81a801de877aaf3a9bda6e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 4 days ago8 views

Malicious code in nottuff10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aec6b68489cb95001c5971ace33533e31169126fb141feea65e198756e66c05c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 4 days ago8 views

Malicious code in nottuff27 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b836372198329677623bb152dc7db76b249d842c0d10a3ec94d9ce2ae467827 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References3
ossf
ossf
added 4 days ago5 views

Malicious code in nottuff13 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fcdb937c07c7ec8c87b884a8410166890165c5e9554397ed5ebcb1a5e58cf7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 4 days ago5 views

Malicious code in nottuff24 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98d91c65c2ae847d5e741575bbc60ac69c0d2aca4973888c6ce2fc85daac3e30 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 4 days ago6 views

Malicious code in miguelphonk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75c26ae2a9608c5a861f096563a0ef1171cb898403537612739792024abcc2ff The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
ossf
ossf
added 4 days ago6 views

Malicious code in backupsitetuff9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19023e9ea0dfa0d26e43e282c2238e33aa89d73921279d5838ae18767cbca871 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References3
ossf
ossf
added 4 days ago6 views

Malicious code in speed2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47ee5a1e5570a63d86ae75e5eaa2bf0553516a6796d51c0f7479796470f34708 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
ossf
ossf
added 4 days ago6 views

Malicious code in ishowfeet2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33cbeb0130c1ef8842cc7d912f9d12b756efd200949266a3232a83cbfd2cdce4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 4 days ago6 views

Malicious code in ishowfeet12 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b60cb6a8169d535b5e52d5fa3cb7a1a16bf4f2d15f87d894a4111da9b74fedae The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
ossf
ossf
added 4 days ago3 views

Malicious code in imillegal1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85b8bddd4b8345bfaacf5ad511276da43344de0033bc312123620aa6cc6e4366 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
Rows per page
Query Builder