Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 3 days ago6 views

Malicious code in commons-ui-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9fb701d18bde61d1dc783f0575a4d83bc0eba2653bd0832d0fc26bc9e85b48 [email protected] is an empty placeholder package index.js exports , description/author blank, version bumped to 99.9.1 — the classic...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/05/05 7:16 p.m.2 views

Malicious code in placeholdr (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7d66d11f753c13ea251285ba697e1ec1be39a242effd08950d5fb3fff850ca7 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/03/24 10:27 a.m.3 views

Malicious code in team-bsb-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron da5627aaacdf2bd8ab0ce2e469ea8635108e857776ed8766ee9df47c4b66aaa8 This package appears to be part of a larger ecosystem acting as a placeholder for orchestrating interactions with other bsb malicious packages...

6.8AI score
Exploits0
Snyk
Snykadded 2022/09/19 3:15 p.m.2 views

Malicious Package

Overview democritus-json is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-json package. References - GitHub Issue - GitHub...

9.8CVSS6.9AI score
Exploits0References3
Snyk
Snykadded 2022/09/19 3:15 p.m.3 views

Malicious Package

Overview democritus-networking is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-networking package. References - GitHub Iss...

9.8CVSS6.9AI score
Exploits0References3
Snyk
Snykadded 2022/09/19 3:15 p.m.2 views

Malicious Package

Overview democritus-timezones is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-timezones package. References - GitHub Issue...

9.8CVSS6.9AI score
Exploits0References3
Snyk
Snykadded 2022/09/19 3:15 p.m.1 views

Malicious Package

Overview democritus-math is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation Avoid using all malicious instances of the democritus-math package. References - GitHub Issue - GitHub...

9.8CVSS6.9AI score
Exploits0References3
Rows per page
Query Builder