Lucene search
K

1472 matches found

OSV
OSV
added 6 days ago7 views

MAL-2026-6555 Malicious code in livekit-agents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5abf921f58c69745fee91e812853b493a282f3d42f55db38516ba54b827ea35b The unscoped npm package livekit-agents advertises itself in README as the official LiveKit Agents SDK and links to livekit.io documentation, but the...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/27 3:48 a.m.6 views

MAL-2026-6545 Malicious code in crossmint-wallets-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:49 p.m.9 views

Malicious code in extra-huggingface (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c76a4e01b00801049375b9e60419bfba79f9b0afbb02aab5b4117f989296c5d3 The package presents itself as part of the Hugging Face ecosystem but actually ships a remote-access agent. extrahuggingface/init.py re-exports...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.5 views

Malicious code in gunicorm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab Package name gunicorm is a single-character edit of the widely-used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/24 6:41 a.m.10 views

MAL-2026-6383 Malicious code in gunicorm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab Package name gunicorm is a single-character edit of the widely-used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.5 views

Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/24 6:41 a.m.4 views

MAL-2026-6381 Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:40 a.m.6 views

Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/24 6:40 a.m.6 views

MAL-2026-6382 Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 7:54 a.m.8 views

Malicious code in inversiones-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/22 7:54 a.m.7 views

MAL-2026-6262 Malicious code in inversiones-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/13 7:17 a.m.33 views

MAL-2026-5737 Malicious code in postcss-minify-selector-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c The package name impersonates the widely-used postcss-selector-parser library which it also declares as a dependency and re-exports verbatim from...

6AI score
Exploits0References10
OSV
OSV
added 2026/06/12 3:24 p.m.12 views

MAL-2026-5696 Malicious code in voyager-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7f4f15201378ec6cee4268469e85e17e50f3f5299d94a250031d6c2693177b8 package.json declares both preinstall and postinstall lifecycle hooks that execute callback.js on npm install. callback.js collects installer-side...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:28 p.m.12 views

Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:22 p.m.12 views

Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/08 10:22 p.m.12 views

MAL-2026-5338 Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:21 p.m.12 views

Malicious code in solana-cli-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd On import solanaclipy, the package's top-level init.py unconditionally invokes report, which harvests standard developer-side secret material and POS...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/08 10:21 p.m.12 views

MAL-2026-5336 Malicious code in solana-cli-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd On import solanaclipy, the package's top-level init.py unconditionally invokes report, which harvests standard developer-side secret material and POS...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/08 10:20 p.m.8 views

MAL-2026-5337 Malicious code in solana-web3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4967ebad2d1f4f5802ef50f1d399c05c4dfab94a208079695570b15ffef0fdd2 On import, solana-web3/init.py executes a credential-stealer payload. After a sandbox-evasion gate checks for 12-hex Docker hostname, /.dockerenv, an...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:20 p.m.10 views

Malicious code in solana-web3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4967ebad2d1f4f5802ef50f1d399c05c4dfab94a208079695570b15ffef0fdd2 On import, solana-web3/init.py executes a credential-stealer payload. After a sandbox-evasion gate checks for 12-hex Docker hostname, /.dockerenv, an...

5.6AI score
Exploits0References3
Rows per page
Query Builder