Lucene search
K

380 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago12 views

Malicious code in @luminarycloudinternal/lcvis-st (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8dffb72c9f767cbd071bf482fce9acb1ff2283a4800b7862739348b7a89e24 Package @luminarycloudinternal/[email protected] is published to the public npm registry under an internal-looking scope with an artificially high...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago6 views

Malicious code in express-mongo-limit (npm)

The npm package express-mongo-limit masquerades as an Express/MongoDB payload sanitization middleware likely typosquatting express-mongo-sanitize but is a credential stealer, remote-code-execution backdoor, crypto clipboard hijacker, and screenshot spyware. It declares a postinstall: node index.j...

6.2AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 1:43 p.m.11 views

Malicious code in vps-maintenance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da5dcc405a10775ace9fab68ee0a5ddf9bcad770d29e20f999df6d41072e46b1 On import of dist/server/index.js, a top-level block spawns a detached shell that 1 appends a hardcoded attacker ssh-ed25519 public key comment eni@l...

6AI score
Exploits0References3
OSV
OSV
added 2026/07/04 1:43 p.m.16 views

MAL-2026-6756 Malicious code in vps-maintenance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 110b8556d612185c2c6ea84731898d4f23f04658556e1ff22852f953b956e43a The package.json postinstall script executes a Node one-liner that opens a TCP connection to the hardcoded IP 185.112.147.174 on port 7007 and spawns...

6.7AI score
Exploits0References2
OSV
OSV
added 2026/07/04 1:43 p.m.12 views

MAL-2026-6757 Malicious code in vps-maintenance-paperclip-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0de46c3e339f828f4c86612ee8bf74a29edc636511e2eaa765d8a75699849da3 package.json declares a postinstall lifecycle script that runs an inline node -e payload opening a TCP socket to 185.112.147.174:7007 and piping it...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 1:42 p.m.10 views

Malicious code in paperclip2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fbcfc445b1a599943dac3ca0691633629c6804037b38fcf6113062f6add848 package.json declares a postinstall lifecycle script that runs node -e code opening a TCP connection to 185.112.147.174:7007 and piping the socket to...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.5 views

Malicious code in @marketfront/fashiononboardingpopup (npm)

The @marketfront/fashiononboardingpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

MAL-2026-6767 Malicious code in @marketfront/basemarkettemplate (npm)

The @marketfront/basemarkettemplate package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.3 views

MAL-2026-6773 Malicious code in @marketfront/designsystemdevtool (npm)

The @marketfront/designsystemdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.5 views

MAL-2026-6780 Malicious code in @marketfront/footer (npm)

The @marketfront/footer package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.6 views

Malicious code in @marketfront/errorcounter (npm)

The @marketfront/errorcounter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 8:37 p.m.11 views

Malicious code in polymarket-trading-developer-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30ffc35841039a7a95d8b5590db211f34b662975513f3a054b8be282f0858c99 The package's postinstall lifecycle script performs install-time remote code execution. It reads a bundle URL from a JSON config hosted at...

6.4AI score
Exploits0References2
OSV
OSV
added 2026/07/01 7:15 p.m.7 views

MAL-2026-6710 Malicious code in vitest-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0165cbb3d6ed37a96889c4b016463706346e1c09413635c31ea1ceedde8774 The package's postinstall script node lib/utils/index.js spawns a detached, stdio-suppressed Node child process that runs...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 2:2 a.m.11 views

Malicious code in anthropic-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ec82c6478e3a82eac71597b1c1fffc17d1b138e11e1a2aeadec7c00344c65e [email protected] is a typosquat against the @anthropic-ai/sdk ecosystem. The package ships no library code — its declared main dist/index.js i...

6.1AI score
Exploits0References23
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:51 a.m.9 views

Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References24
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:17 a.m.9 views

Malicious code in yandex-geobase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f6219d513896736aee31ce33719d6ae2d1f5b03293ecdfe884d944bbb3eb99a [email protected] squats the internal-sounding name 'yandex-geobase' and ships a postinstall script that performs an HTTP GET to a hardcoded bare-...

6.2AI score
Exploits0References6
OSV
OSV
added 2026/06/26 2:55 a.m.8 views

MAL-2026-6498 Malicious code in dttfdsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...

5.8AI score
Exploits0References7
OSV
OSV
added 2026/06/25 10:21 p.m.8 views

MAL-2026-6486 Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:21 p.m.8 views

Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
OSV
OSV
added 2026/06/25 5:6 p.m.8 views

MAL-2026-6466 Malicious code in gx-npm-feature-flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...

5.8AI score
Exploits0References2
Rows per page
Query Builder