Lucene search
K

17395 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in some-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97420170b95f54c404226b47901bbd45ec03ed0a427369b50add75297a2dcb80 Package [email protected] was scanned across 2 files with no a static rule matches and no behavioral findings. No install-time lifecycle execution, n...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in shopify-internel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb1d4e4e70cff6efbfec48cbf205e071c73a70003863e2293dbf7035547f560 Package name 'shopify-internel' is a one-character misspelling of 'shopify-internal' and appears to squat on the Shopify namespace. The tarball...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in tx-guard-snap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fce7ebfc771355b732949df26e92e2ec8a80c0de7cda46bcb865687c33d572ff tx-guard-snap advertises itself as a real-time transaction security analysis MetaMask Snap but performs no analysis. Its onTransaction handler...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago4 views

Malicious code in chai-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9192d163b3814064c95a23cb11e218732346628f3109517aab7697c2dcb6d016 On require, index.js spawns a detached background node process that runs lib/initializeCaller.js. That module axios.gets a base64-obfuscated URL...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in jsf-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6a2a0bbd4939a789673bdca08866c9be58dd361df175695e7f8c1141bed4e47 On require'jsf-utils', lib/string/pathcase.js runs a top-level async IIFE that fetches a JavaScript payload from https://jsonkeeper.com/b/BPB86 and...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in typescript-base58 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b860a9c4960f55c236ca5e14781f5dcfb60752d4367cb9aeb30762d3b023004e [email protected] is a one-line re-export of the 'base58-core' package. The README advertises 'Zero dependencies' while package.json declares a...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago8 views

Malicious code in base58-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a7d188e2cd79918987f2008e93bb80ea9979d791b357f8f7cfd892321ded6c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in solana-address-codec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae The package name resembles utilities in the Solana ecosystem e.g., @solana/addresses and address codec helpers, which is a common target for typosqua...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in @sqlite-access/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5454044dfacdd12da8025ba7a7c73260f16c64b29dbd25ebda52af4d03e8450c The package presents a three-way identity mismatch: the scoped name @sqlite-access/nodesql implies a SQL-access library, the README markets a...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in mcp-server-pg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d68bdfced357622e33e4608bd35ded4d8988ea6dc7da073b3a83075978815d On npm install, scripts/postinstall.js unconditionally reads a range of installer-owned identity and configuration files and POSTs a JSON payload to ...

5.9AI score
Exploits0References22
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in chai-spycore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbb99516f251bbd13baae5273239a6a04acefea76ddf1a7b06f4b5a328339dae Package republishes the chai-spies Chai plugin source verbatim including original author header under the near-identical name chai-spycore...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in express-deflect (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284d3f4c5f55f69391b1172ba9d2c714e3ae358a2c92a501049a1495547e1588 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in xnder-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0aeeac149a5afa4797eea935b2a54b66fcf2cfd939fce855655208245ba9e5a7 The package's index.js is heavily obfuscated string-array shift/rotate pattern with hex-encoded indices and a while!! decoder loop. Obfuscation of th...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in windrule-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12204dba8f73baf0bb7f6ce1ebd80bb2ce689752abaea290e1429aed4037bb9c No suspicious behaviors were observed in this package version. There are no lifecycle scripts fetching or executing remote code, no hardcoded...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in txs-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74154a8e4e769872929446eb17b4dc59a1b491508c7bd05e55d1cdb232ecf2aa The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in ts-eslinter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56fe794783cf855aba4980f7186b85866fd3048cbb97803fe8c575192cb30d44 Package name resembles common ESLint/TypeScript tooling and the main entry index.js contains base64 decoding via Buffer.from...,...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in competion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7977f7cd8dcf35f17c8745de465b35f920055be22dbb883dda7abf2e978ef0e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in color-cli-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43d15f0d189a3dff03fe5549073cad30c2c0d648e6b1b12d1385689c84c6888c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in tracing-str (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466143b5f195d4924e2227921a288954ecec9ed34d52af8ff433056f5ff56903 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in stacknova (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4eea780e4546d725f38c35c635625e60354e7f48a79c1fcbe76f87e2498d9ce4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
Rows per page
Query Builder