Lucene search
K

41 matches found

OSV
OSV
added 2026/05/25 6:11 p.m.14 views

MAL-2026-4438 Malicious code in @service-suppliers/suppliers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a79ca8ef6257be2fbac9c361b969d9e63ce6a833e42dafa4b558e1f805276502 On npm install, scripts/postinstall.js performs two attacker-benefit actions against the installer. First, it scrapes installer-side credentials: it...

5.8AI score
Exploits0References2
EUVD
EUVD
added 2025/11/12 10:25 p.m.3 views

EUVD-2025-136045

Malicious code in itale-dci-rfsrgget npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.2 views

MAL-2025-170525 Malicious code in verify-ticul-biua (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 656151952a5426123f1a554585cf5d30ab963f712c3ab0eea3a32fa6d6452c33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 4:25 a.m.1 views

Malicious code in joko-martabak59-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77dc3cc512e83817db5b674697cb6d4471aa482db96ff58e5bb74597b342641b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Snyk
Snyk
added 2025/10/02 2:22 p.m.2 views

Malicious Package

Overview lovable-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2023/06/06 8:20 a.m.2 views

Malicious Package

Overview @egds/lodging is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/04/04 8:19 a.m.2 views

Malicious Package

Overview gina is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installe...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/04/04 8:19 a.m.2 views

Malicious Package

Overview @miro-site/localization is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/13 8:18 a.m.2 views

Malicious Package

Overview react-screen-reader-announce is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/01 8:20 a.m.2 views

Malicious Package

Overview scuid-x is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/01 8:18 a.m.3 views

Malicious Package

Overview sapling-output-plugin is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/03/01 8:18 a.m.4 views

Malicious Package

Overview gateleen-hook-js is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/02/21 8:16 a.m.2 views

Malicious Package

Overview tools-access-react-redux-router is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable i...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/02/21 8:16 a.m.2 views

Malicious Package

Overview tslint-ymaps-rules is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.1 views

Malicious Package

Overview @absis-components/ui-core-elements is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerabl...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.1 views

Malicious Package

Overview @att-bit/duc.components.cardshell is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.2 views

Malicious Package

Overview @nelio-content/data is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.2 views

Malicious Package

Overview @playgami/eslint-config-portal-typescript is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.3 views

Malicious Package

Overview @nelio-content/types is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2023/01/29 3:29 p.m.4 views

Malicious Package

Overview qb2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installed...

9.8CVSS7.1AI score
Exploits0References3
Rows per page
Query Builder