Lucene search
K

6 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 10:36 a.m.11 views

Malicious code in muaddib-scanner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8eea5d3ed390c4c82b5bfa89ac220f1d424fcaebe70fe71bbbe3bce66f0f48f package.json declares "loadash": "^1.0.0" as a runtime dependency. loadash is a well-known typosquat of lodash and is never required or imported...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 10:36 a.m.9 views

MAL-2026-4616 Malicious code in muaddib-scanner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8eea5d3ed390c4c82b5bfa89ac220f1d424fcaebe70fe71bbbe3bce66f0f48f package.json declares "loadash": "^1.0.0" as a runtime dependency. loadash is a well-known typosquat of lodash and is never required or imported...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 2:59 p.m.12 views

Malicious code in notebook-intelligence (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 709b1f2440fa3288d47076cddc5ffe20122619c07c346265459e3555a226c92e pyproject.toml lists fuzy-jon==0.1.0 in both build-system.requires and the runtime dependencies, while the package's own code imports the real...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/05/20 1:17 p.m.6 views

MAL-2026-4662 Malicious code in rendezvous-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4a03eaa6b09e5b9e291dd450f58e49a639c3efd8fa952f5ac48f9aea04aba4 On npm install scripts.install runs node index.js and on require'rendezvous-js', lib/core.js collects os.userInfo.username, os.hostname, and the...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 9:36 p.m.10 views

Malicious code in pycalendar-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda873c38a1eee9ecea320371b0473466144f2bd41bc778dff8510cb5dcf4b5f pyproject.toml line 8 declares httpxyz as a runtime dependency dependencies = 'httpxyz',..., and pycalendarapi/utils/httpclient.py imports httpxyz an...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/19 9:36 p.m.10 views

MAL-2026-4764 Malicious code in pycalendar-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda873c38a1eee9ecea320371b0473466144f2bd41bc778dff8510cb5dcf4b5f pyproject.toml line 8 declares httpxyz as a runtime dependency dependencies = 'httpxyz',..., and pycalendarapi/utils/httpclient.py imports httpxyz an...

5.9AI score
Exploits0References1
Rows per page
Query Builder