Lucene search
K

902 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in @gleamkit/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 008464ca4d7ba15b4b8c6d3a979586c61bd527aef3a209571d28c0ba912403ae The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in testdonotredeemit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in ishowfeet20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57470f610cd7e988daef50a3a2587778f3dce2cb1584572d4a1795876f9cf6fe The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in nottuff30 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4a979285347756e69976ca9775cf22e923002ec93ede98adc0dccd7999ea087 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in nottuff10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aec6b68489cb95001c5971ace33533e31169126fb141feea65e198756e66c05c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in imillegal1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85b8bddd4b8345bfaacf5ad511276da43344de0033bc312123620aa6cc6e4366 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in changiairportpromax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ab194f6c4e1d4197856c229f74ebf46e7eb90ff703ff4dc3172379aea96923 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago10 views

Malicious code in txs-builder-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55bb13d76ebc74c36f68dd219079500d0bdb60e4bc07f8089eefbcde91bbdeac The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago11 views

Malicious code in na-rony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193f3dbfb6073e7b6c5dacb0e79157ccac9c69ac4c23d2c8270cc23d27cab699 package.json declares postinstall: node index.js, causing index.js to execute automatically on npm install. The script collects the installer's OS...

6AI score
Exploits0References5
OSV
OSV
added last week7 views

MAL-2026-6952 Malicious code in whs4_npm_test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68d797ee3c8111cffee8603aa24625cb71a7f958438e33207b33376b260acc59 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References5
OSV
OSV
added last week7 views

MAL-2026-6934 Malicious code in load-nuxt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5e95bb337136d6bfafcd6f21bb8cb1d98da703f7e20b851b3af82876018ffac Package name resembles the Nuxt ecosystem's helper naming 'load-nuxt' and is published at version 99.0.3, a version-number shape frequently used in...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/06 7:0 p.m.4 views

MAL-2026-6902 Malicious code in wime-zle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3e5a49f13ac5ae3e92267b63357dc81d37b138ed5981949b12e51a09095e2b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:58 p.m.4 views

MAL-2026-6894 Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.7 views

Malicious code in metrica-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a0ee3435b3bf0949e63f6770b91c6bb1e2d7912054dc1cb9382e3eae20c84ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.6 views

Malicious code in eth-tick (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f96638eb8282b1eccbe4d7c1b1076340ac1b870d325856e2ad5415c2bf2737eb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:53 p.m.7 views

MAL-2026-6822 Malicious code in fastnodemailer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 767201ea4bfd4f0c6950f9d6fadf4f9e38c9e72e56abd975ac1b49864ffc04a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:2 p.m.7 views

MAL-2026-6825 Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7369fd2dd1ba9002d2c693ba08c553c7c6fef54dba372146c11f20b43607aa react-next-dom masquerades as a React/Next.js ecosystem package but ships a pino-like surface concealing a remote code loader. The main export is a...

6.6AI score
Exploits0References3
OSV
OSV
added 2026/07/03 3:44 p.m.5 views

MAL-2026-6739 Malicious code in @lodash-en/lodash-en (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
CVE
CVE
added 2026/07/01 3:36 p.m.18 views

CVE-2026-58454

Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...

7.7CVSS6.6AI score0.00523EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 3:13 p.m.9 views

Malicious code in confluent-kafka-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...

6.2AI score
Exploits0References2
Rows per page
Query Builder