Lucene search
K

8 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:18 a.m.11 views

Malicious code in mongoose-json-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 910cc6eef707ac872daeb3a527e6dd9c75044ebb178f9eb48745f5cfd4123968 helpers.js defines a createLog helper that base64-decodes a constant HASHKEY to https://www.jsonkeeper.com/b/XVHGD an anonymous JSON-paste host and...

6AI score
Exploits0References3
OSV
OSV
added 2026/06/13 8:13 p.m.16 views

MAL-2026-5743 Malicious code in environment-gate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80dc74c6c5240e9c146e476300b44582cc114cf1827319ba81d2bcae2d64c2cf index.js contains a commented-out line that, if uncommented, would base64-decode the URL https://www.jsonkeeper.com/b/VKUNI, fetch its contents via...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/11 7:24 a.m.12 views

MAL-2026-5604 Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:24 a.m.25 views

Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/25 9:8 a.m.10 views

MAL-2026-4511 Malicious code in chai-as-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0f6b316992ec48b2d29d234f9debebcf239653a2371d54ab9f6e487c4fdba7b This package is a typosquat of chai-as-promised that delivers remote code execution to any installer that requires it and invokes the exported...

6.5AI score
Exploits0References1
OSV
OSV
added 2026/05/20 1:9 a.m.10 views

MAL-2026-4571 Malicious code in get-deps-path (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:9 a.m.16 views

Malicious code in get-deps-path (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 5:4 p.m.13 views

Malicious code in prettier-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80a3bdd18c28c0c045aaed2a3e5725b3b38cb45bc9c16d0b795c4334caed17a5 Package name prettier-sdk impersonates the top-tier prettier package 50M weekly downloads, copying its README verbatim and forging metadata repositor...

5.7AI score
Exploits0References2
Rows per page
Query Builder