Lucene search
K

1244 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in abuden25 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f03c9f736be5719a51f9b5cf2a256ab6d2a295f1fb79b7a937932f658d2e268 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in nottuff17 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 072d84530e09f130a4d3ffb8f525b8bbcc0833f402ddfb66ebb39e9f85155a09 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0425e16f6f6a24f1e657ceb1c80a24330f655a496c9d1bb22a2de0cd41423f0a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in nottuff2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2505cd60f257bd1c69e2bd6ccbaa987e2045a453adb8c0e1c529c34afade95c7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in ratelimitsucks3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a45b50938677bb4c4bcdeee48af3fd57a8204d48d6aff16a1351ae814491391 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in imillegal5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f821da7c50910d456dfcf5a26ae1afd56a7ec95836a16f570edb014d02a6608 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in ishowfeet6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36674107d4252d441750a35559267123dd2bcb958925071bef6475a41d6e519a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in sixseven3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c8f4197e26649b629a6605099f9ca45ff63f04e58e5021a0f1ed410ac56cfd1 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References4
OSV
OSV
added 6 days ago6 views

MAL-2026-6968 Malicious code in rony-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be1a5728b472335e46d1df74becaf6355424f1f32d068bb517c079d88cacc03c The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo.username, hostname...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added last week8 views

Malicious code in some-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97420170b95f54c404226b47901bbd45ec03ed0a427369b50add75297a2dcb80 Package [email protected] was scanned across 2 files with no a static rule matches and no behavioral findings. No install-time lifecycle execution, n...

5.9AI score
Exploits0References2
OSV
OSV
added last week6 views

MAL-2026-6942 Malicious code in some-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97420170b95f54c404226b47901bbd45ec03ed0a427369b50add75297a2dcb80 Package [email protected] was scanned across 2 files with no a static rule matches and no behavioral findings. No install-time lifecycle execution, n...

6.1AI score
Exploits0References2
OSV
OSV
added last week5 views

MAL-2026-6918 Malicious code in base58-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a7d188e2cd79918987f2008e93bb80ea9979d791b357f8f7cfd892321ded6c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added last week7 views

Malicious code in express-deflect (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284d3f4c5f55f69391b1172ba9d2c714e3ae358a2c92a501049a1495547e1588 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:59 p.m.8 views

Malicious code in txs-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74154a8e4e769872929446eb17b4dc59a1b491508c7bd05e55d1cdb232ecf2aa The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:56 p.m.3 views

MAL-2026-6864 Malicious code in polymarket-onchain-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 718b7995129eb1a8723f77a2c24288aa0160db9903f33468a29a11ec3af29d1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:55 p.m.4 views

Malicious code in npm-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc5c1992c3d9f33bca28c1ce098d769809e44a12a671972925815e9890e5e9f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:53 p.m.2 views

MAL-2026-6837 Malicious code in eth-tick (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96638eb8282b1eccbe4d7c1b1076340ac1b870d325856e2ad5415c2bf2737eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:50 p.m.5 views

MAL-2026-6803 Malicious code in big256-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f547bc04e09d0a4a99ac1e49992abd3dc35c02ad1bd963e8d0d07fd0e11464 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 12:0 a.m.6 views

MAL-2026-6938 Malicious code in pinokio-redis (npm)

pinokio-redis is a malicious npm package and part of the multi-wave "forge-jsx" cross-platform RAT campaign Wave 4. It was published by npm account 'donimique' [email protected]. The package.json description 'Node.js integration layer for Autodesk Forge' and the bundled README.md literally...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 3:44 p.m.9 views

Malicious code in @lodash-en/lodash-en (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
Rows per page
Query Builder