Lucene search
K

190 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in akshajrawat.utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in ishowfeet7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a0de358553ac2a1ae1c023045198f32ac910277cdd2a696762cf91346362dbc The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:13 p.m.11 views

Malicious code in notifier-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...

6.3AI score
Exploits0References5
OSV
OSV
added 2026/06/17 4:59 a.m.8 views

MAL-2026-6040 Malicious code in @mastra/turbopuffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d73c50676f96c5af47167ce4405b1f53a38feb3cbd8a3eaf93fe262479680403 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/11 4:4 a.m.12 views

MAL-2026-5584 Malicious code in justgetit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6e3691bf83f31d1f1dd45e3224151455cbcf6b03acf1d50a25a96eb69ef3065 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 11:36 a.m.11 views

Malicious code in csc154-internall-depend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 468d4fe797c3be3e29ea6da37c1b04112162bd349f7aea270cdbc4ba929d945d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.18 views

Malicious code in @redhat-cloud-services/frontend-components-remediations (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.25 views

Malicious code in @redhat-cloud-services/chrome (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/29 10:3 p.m.9 views

MAL-2026-5081 Malicious code in tailwind-effect (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a340be9809f1baa4f0e0ce64286a7d9266ccb49cd82fae68f5ac02b50e193a5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 8:9 a.m.14 views

Malicious code in wm-plugin-json-conditions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43ae510c22e7ea36051bfaa2a241bc7f8035d9047c3fe927438ceef2f2ca81cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 3:49 p.m.12 views

Malicious code in deltaprime-primeloans (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de6dc7446f54374a89a45ea8f749647c8adc0aaf24720bd32ccfdb07e5b48042 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 3:27 a.m.10 views

Malicious code in @uipath/case-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c66eb0255d40992fc638ffb18c027abb448bdd26f8982781cf0f7da3be7b6910 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/23 4:8 p.m.11 views

Malicious code in hls.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96d28bd3e78b3ca60b3356380f0d7931659606c2b5def5865480d838ad21a0b3 The package hls.js was found to contain malicious code. Source: ghsa-malware 04b58b7f11fd42610f3056d4bc9aa84804d2ab9e657d7b84771cec1efe363ba9 Any...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 11:30 a.m.12 views

Malicious code in node-red-contrib-yolo-object-detection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c68b0e146f969ed875753302026894ce41d379d736a1856b9e12a8c1a4479 The package node-red-contrib-yolo-object-detection was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.6 views

Malicious code in @zgny/onboarding-consumer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 684a60d5d9d4b9ac47a7796608812b7cb223c1567b4ff70aa057e57b6101f590 The package @zgny/onboarding-consumer was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/25 1:54 a.m.9 views

MAL-2026-2165 Malicious code in @rexxtheproject/keyed-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa8d0778ab610c5b6e2320997c2427bf9e6295b93fe16ae478096953c1de9b34 The package @rexxtheproject/keyed-db was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/25 12:11 a.m.9 views

Malicious code in @xvortexsockets/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6fe781d4e79519992d2b0f37577515da41d7e0deb2f9f32df7c39dfb8de3916 The package @xvortexsockets/baileys was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 4:43 a.m.8 views

Malicious code in mtpmysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d398ba3dd05ce79a06fb2a2433842d601f917e38ffaa3ad94c02adc1bdb3b67f The package mtpmysql was found to contain malicious code. Source: ghsa-malware 0c3a7ad80c6454678adb0b86352965523e6157aec98c3976686697663fd882e8 Any...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.7 views

Malicious code in declaration-block-no-ignored-properties (npm)

The package 'declaration-block-no-ignored-properties' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.7 views

Malicious code in typescript-react-query (npm)

The package 'typescript-react-query' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
Rows per page
Query Builder