Lucene search
K

6 matches found

OSV
OSV
added 2026/06/18 3:55 a.m.7 views

MAL-2026-6091 Malicious code in datacamp-light (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbdcc4ef12aca6461f8e765976a7b2b33099a1791a7aee7e353371b7954a91c Package impersonates the DataCamp brand while shipping near-empty stub exports index.js init/helper return trivial constants. The postinstall lifecyc...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 6:33 a.m.11 views

Malicious code in gpt-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...

5.5AI score
Exploits0References9
OSV
OSV
added 2026/06/11 6:33 a.m.11 views

MAL-2026-5612 Malicious code in gpt-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...

5.5AI score
Exploits0References9
OSV
OSV
added 2026/06/09 4:7 p.m.7 views

MAL-2026-5391 Malicious code in @0xlr/vercel-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fda046018b2c121cb96e157cadce6d8aee695beb7086008140da0a9c6eebc938 On npm install, postinstall.js enumerates every process.env variable including credentials such as AWS, NPMTOKEN, GITHUBTOKEN and other CI tokens and...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:47 p.m.11 views

Malicious code in zest-product (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9081ad708b658c1bd56299e401ca6a764cc9137d99573bc922d38a7381cc30d On npm install, postinstall.js collects host identity and environment data os.hostname, username, process.cwd, process.env values, plus shelled-out...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 3:57 a.m.14 views

Malicious code in @pluxee-connect/api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...

5.8AI score
Exploits0References2
Rows per page
Query Builder