Lucene search
K

234 matches found

OSV
OSV
added 2026/06/23 3:38 p.m.8 views

MAL-2026-6336 Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:5 p.m.7 views

Malicious code in local-ip-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5741cea5f57c51246c2944fda4ecf601f191b482e5c6effa22b640f8701a00e8 index.js imports childprocess and calls execSync with bash and zsh lines 301 and 317. Without further context, it is unclear whether these invocation...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 8:28 a.m.8 views

Malicious code in ts-ecro-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86149b041033a917b3b743b9381a14368e79015385b27b89429cf7f6a35d0d30 No suspicious behaviors were identified in this package version. There are no lifecycle hook hazards, no outbound network calls to attacker-controlle...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 3:18 p.m.12 views

Malicious code in parket-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31d62a38af75a45a91e590e0cffe4f58e900fe726b4323af1e481118d146277c index.js imports childprocess and invokes execSync with bash and zsh shells lines 315 and 331. Without traced reachability, it is not established...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 11:50 a.m.10 views

Malicious code in @mastra/voice-playai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 095ae6a310d12472e2f23394b600c1465acb4921d1ae78a38893ff567518437f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:7 a.m.9 views

Malicious code in @mastra/voice-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec7a69b358b2f5ed11287ca744502237a1b6971aac05d462222656a70b5864b3 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 12:29 a.m.16 views

Malicious code in tailwind-typography-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b5b1eea6bfed81a0e57b9af519c45155347e3937a20dc8ef4e9ab1cae6ff73d The package impersonates @tailwindcss/typography by name and ships a verbatim copy of tailwindlabs/tailwindcss-typography's src/ tree index.js,...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/11 1:54 p.m.10 views

MAL-2026-5671 Malicious code in sitecore-mm-component-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1e025725001efb60959449e734f39db775cc54e77abb0c97364f7929cf54a8c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 3:10 p.m.14 views

Malicious code in enquriers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c7f041bb6800c0c765683543b18f204299e64265c3d9124c54f7f0169b53348 Package name 'enquriers' closely resembles the widely-used 'enquirer' package transposed/added characters, suggesting potential name-confusion risk. ...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:2 p.m.14 views

Malicious code in foundry-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4918af978c72d6459e02a9d0b1114f54cde7f3973b1cc3f61b497a0575269592 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:2 p.m.15 views

Malicious code in codex-devcontainer-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8248bf278df1e89da484099e912cdf9f8659976469a219bee14a03e2755391ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 1:39 p.m.14 views

Malicious code in @service-suppliers/set_initial_loaded (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd44f16d8e16a982d3d1b38f7956db80de10ef3c0c176e7079e684926c1c3c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 9:5 a.m.14 views

MAL-2026-4297 Malicious code in @gbrlxvii/ts-env-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a87c7356d89cd5eab9c271d10f1a74e288d09e5cf9333a9ee102ef8a532b31dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 9:0 a.m.10 views

MAL-2026-4316 Malicious code in internallib_v95 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446fa224122b28950a2a22289bd7a9bf4a29861cde218c495651e1e58da37176 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 8:54 a.m.13 views

Malicious code in auth0-internal-collector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cd9c4c46311fb401f00b6d79b338757ec70d4c666fcf65ab5ae95a90d686233 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 8:13 a.m.12 views

MAL-2026-4315 Malicious code in flownodelp5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 575f60ffff67c8ec6924f975f378d7185d634e49dec8e3cc8637941eabfeba83 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 8:1 a.m.15 views

Malicious code in levex-press (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f33c109f544ebe960d2fe2880abba71a8abbbcfc1b8042ca5c5d5d9e6ac6b557 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 11:32 a.m.11 views

Malicious code in chai-as-vec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 12:17 a.m.14 views

Malicious code in cross-stitch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfe06155444d60d3774a256051b31f6a4814f484f33830cbe61eec7ebe611be6 The package cross-stitch was found to contain malicious code. Source: ghsa-malware 7c23bb77e762be76915e8202d11074aaa122efe0a8a32e403fa00ee8563c9bbe A...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 2:40 p.m.10 views

Malicious code in frank-newton3-final-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7475946d315dcfc995a7c806043777be1e5a57b72c7c1313fc36944f37a52db1 The package frank-newton3-final-audit was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
Rows per page
Query Builder