Lucene search
K

4 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.17 views

Malicious code in grateful-checkout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2a9600ad3ee3fddd9f06425260c94edf660263800080787155a63d3e5212d12 On npm install, the postinstall hook in src/canary.js performs a DNS lookup and an HTTPS GET to a serveo tunnel host...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.13 views

Malicious code in checkout-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/06/09 5:44 p.m.10 views

MAL-2026-5436 Malicious code in checkout-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.14 views

Malicious code in exodus-wallet-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...

6.1AI score
Exploits0References1
Rows per page
Query Builder