Lucene search
K

7 matches found

OSV
OSV
added 2026/06/17 4:20 a.m.12 views

MAL-2026-5985 Malicious code in node-path-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 180db640dc8207694eb4629834f74b740d7efc9febf26067d190e10656fe04e9 Package name node-path-utils and its README/description claim it is 'an exact copy of the NodeJS path module', impersonating the Node.js core path...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/26 9:49 a.m.8 views

MAL-2026-4808 Malicious code in wm-idp-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2acf2a0d94ec1d2bada80f3251f5ecbea64d78ffadcab2b997b9708c2ae71cd package.json declares "node-fetch": "https://registry.ctzbg.com/wm-idp-sdk/node-fetch" — a direct HTTPS tarball URL hosted on a domain...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 6:25 a.m.16 views

Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/26 6:25 a.m.13 views

MAL-2026-4779 Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 4:58 p.m.12 views

Malicious code in gehneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02811600aba146f33bc2f2a8eeee83d8539bf60398695af9f89b80541bbff971 package.json declares "consolefy": "git+https://github.com/ccndjdjdnnddnd-jpg/sbdrsfhbrfh.git" instead of resolving the legitimate consolefy package...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/21 5:44 a.m.8 views

MAL-2026-4673 Malicious code in sparkecoder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e17b053b29d371301e49a703b1b6d2fba5631df4bf7b6926503a6b8bb82257 package.json declares a postinstall hook: "npm install -g agent-browser 2/dev/null || true; agent-browser install 2/dev/null || true". On npm install...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/19 7:6 p.m.11 views

MAL-2026-4453 Malicious code in @tarojs/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59b4e6cd0fe6bd16c6fb2bd04e6542a2a3052182d8815a08b124df56f2d9fde2 On npm install, the package's postinstall script performs a reachability GET to https://taro.jd.com/ and, on success, invokes the package's own...

6AI score
Exploits0References2
Rows per page
Query Builder