Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 4 hours ago4 views

Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

5.7AI score
Exploits0References1
OSV
OSVadded 4 hours ago2 views

MAL-2026-5604 Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

5.7AI score
Exploits0References1
OSV
OSVadded 6 hours ago3 views

MAL-2026-5579 Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 6 hours ago3 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score
Exploits0References1
OSV
OSVadded 6 hours ago3 views

MAL-2026-5578 Malicious code in webpack-cache-clean (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f8656d094ec59721c08eb72a1ec8f1530cd07985edf705032926dd9a19461d9 On npm install, the package runs a postinstall hook node -e "require'./loader.js'" that spawns a detached child process. The child decodes an...

6.3AI score
Exploits0References1
OSV
OSVadded 2025/11/12 4:29 a.m.1 views

MAL-2025-143874 Malicious code in jasmine-webpack-cache-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5c042d0c0100bbb1803f2909889b6bb8896aa6622806d1239f8271b65ac7101 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder