80 matches found
Malicious code in vend-utilities (npm)
Source: amazon-inspector 89ed34c4d09a0f8bb373f141d18157203eb73efec9461434a7957dfe17ba72f1 package.json declares preinstall: node index.js, causing index.js to run automatically on npm install. The script collects installer host identity...
Malicious code in npx-whoami-demo (npm)
Source: amazon-inspector 0971bcb88de070f17d932feff04cd6e66ecc825f606b412414457a3afb4ad174 The package's only code file index.js, also registered as the package's bin entry, unconditionally executes require('child_process').execSync("bash -c...
MAL-2026-5772 Malicious code in npx-whoami-demo (npm)
Source: amazon-inspector 0971bcb88de070f17d932feff04cd6e66ecc825f606b412414457a3afb4ad174 The package's only code file index.js, also registered as the package's bin entry, unconditionally executes require('child_process').execSync("bash -c...
Malicious code in @giftyhq/widget-components (npm)
Source: amazon-inspector 8ad3f12a6a12fbfa60e4a72747df6974f89906200568926b99a8c93c489b5e62 package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host fingerprinting data —...
MAL-2026-5747 Malicious code in @giftyhq/widget-components (npm)
Source: amazon-inspector 8ad3f12a6a12fbfa60e4a72747df6974f89906200568926b99a8c93c489b5e62 package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host fingerprinting data —...
MAL-2026-5739 Malicious code in sheratan_haha (npm)
Source: amazon-inspector 6b473b40e0c041d34e85161ed8c91e0e00d006a0822698a0d3994876cb685ddd On npm install, the package's declared postinstall hook node postinstall.js runs whoami on the installer's machine and POSTs the output to a hardcode...
Malicious code in sheratan_haha (npm)
Source: amazon-inspector 6b473b40e0c041d34e85161ed8c91e0e00d006a0822698a0d3994876cb685ddd On npm install, the package's declared postinstall hook node postinstall.js runs whoami on the installer's machine and POSTs the output to a hardcode...
MAL-2026-5703 Malicious code in eslint-plugin-mistica-local-rules (npm)
Source: amazon-inspector c1d21f50741178986b63d1f330373131c2f3f502a5b94e76ca921ce185fab123 package.json declares a preinstall hook that runs index.js automatically on npm install. index.js collects host identity os.hostname, os.platform,...
Malicious code in testzapier (npm)
Source: amazon-inspector a5840f2a3b34d7f32de7243a146ecf85ac875bd1ef09b0ba9a395d08e356084f package.json declares a preinstall hook node index.js that fires automatically on npm install. index.js spawns a shell that runs curl -X POST against...
Malicious code in json-to-simple-graphql-schema (npm)
Source: amazon-inspector b9998f4fd6abaaefcf6bd610ce0b558f0e1eb22c9d4dae07a111c27cc7f7322c The package contains a poc.js script that collects host reconnaissance data (os.hostname, os.platform, output of whoami via child_process) and POSTs it ...
MAL-2026-4685 Malicious code in tempo-components (npm)
Source: amazon-inspector 6790e6e83af71238b9773ae49568f5374d094d23d1a7247ef4560d645ef64024 The package contains a file poc.js that imports os, https, fs, and child_process; collects host identifiers including os.hostname, os.platform, and th...
Malicious code in tempo-components (npm)
Source: amazon-inspector 6790e6e83af71238b9773ae49568f5374d094d23d1a7247ef4560d645ef64024 The package contains a file poc.js that imports os, https, fs, and child_process; collects host identifiers including os.hostname, os.platform, and th...
MAL-2026-4523 Malicious code in claude-channel-imessage (npm)
Source: amazon-inspector 9751c370c062cb40bccb874f46679ad3ca8ba9d3b49d0d8ba1f924d9582e53a3 On npm install, postinstall.js executes whoami and id, reads os.hostname, os.platform, process.cwd, and the CI, GITHUB_REPOSITORY, and NODE_ENV...
Malicious code in openmct-couch-plugin (npm)
Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...
Malicious code in osep-react-antd (npm)
Source: amazon-inspector 9373e8880ad89854cc168b48a36c59bd72abfaf220e08fb751b948f0c4d8ddfb package.json declares preinstall: node index.js, which runs automatically on npm install. index.js collects host identifiers os.hostname,...
MAL-2026-4634 Malicious code in osep-react-antd (npm)
Source: amazon-inspector 9373e8880ad89854cc168b48a36c59bd72abfaf220e08fb751b948f0c4d8ddfb package.json declares preinstall: node index.js, which runs automatically on npm install. index.js collects host identifiers os.hostname,...
Malicious code in osep-api-hub-service-client-v1 (npm)
Source: amazon-inspector cd131719d20e013a4627e1ea402ffc26135d66a5d6dd35669b8a3a6fb85e5f76 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. index.js collects host identifiers —...
MAL-2026-4540 Malicious code in crypt0co-walet-poc (npm)
Source: amazon-inspector b5510d98b1e380f6c130bf9b4428321d711ae88d8a4fcb66368a2f6fb4e7ff58 On require/import, index.js lines 6-12 serializes the full process.env to /tmp/pocimpact.json and runs whoami and ip addr via execSync to fingerprint...
Malicious code in workrally (npm)
Source: amazon-inspector 502275ca25c6fb0e28db57d91789be11e347b5f21696ed45e15c015d123eaf51 dist/index.js imports child_process and runs whoami (observed at multiple call sites), then POSTs the result to a hardcoded remote URL...
MAL-2026-4732 Malicious code in workrally (npm)
Source: amazon-inspector 502275ca25c6fb0e28db57d91789be11e347b5f21696ed45e15c015d123eaf51 dist/index.js imports child_process and runs whoami (observed at multiple call sites), then POSTs the result to a hardcoded remote URL...