Lucene search
K
OssfMost viewed

226596 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:6 a.m.13 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:6 a.m.13 views

Malicious code in webpack-cache-reset (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fee0027f45dd4846b52b99120af39a0bca88f8693047612e946cd8d816f36e6c On npm install, the package's postinstall hook runs loader.js, which hex-decodes the URL https://jsonkeeper.com/b/INN1F an anonymous JSON paste host,...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:0 a.m.13 views

Malicious code in @bestlzk/sectest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfce552ac72417ec7db2c48e0e13b1d060007167e82bd0f9b10799efe85e7f4 On npm install, postinstall.js collects platform, Node version, current working directory, and OS username, then POSTs them as JSON to...

6.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:45 a.m.13 views

Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:44 a.m.13 views

Malicious code in solana-rpc-pool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e128b9efb48222aac63385175a13c182fc4f832f83576eb80f7777f255048c On npm install, the package's postinstall hook runs install.js which performs four independent attacker-benefit actions. 1 Credential theft: it reads...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:16 a.m.13 views

Malicious code in tailwind-dark-mode-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05c8c711242c04547353cacb4860ee757d595ac459a6f8d7311d2c0827a6bc92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 2:51 a.m.13 views

Malicious code in @my_name_is_khn/express-security-tool-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42987119346b57a7014465a5a7bec3c00d1928e7e41d999152aa4e2f814c298e On npm install, the package's postinstall runs scripts/inject.js, which walks up from the current working directory to locate the consumer project's...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:46 p.m.13 views

Malicious code in chai-check-error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e290b42de2cbd4aa74afa6550fc9a0381dfcb0f6996dcdc22254268b391f9f8 [email protected] impersonates the legitimate chaijs/check-error utility copied README, author metadata, repository URL, and exported API surfac...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:41 p.m.13 views

Malicious code in websocket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c15c40b8371646f167ffa7d5a2ba2c8d0fd454ef7054eeb41807a1a3eda8e7a6 On npm install, this package runs node test.js via scripts.postinstall, which executes the logic in index.js. The postinstall behavior performs three...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:22 p.m.13 views

Malicious code in @orion-design-system/foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7fdf1bb78d6c3750adffa854f5f08c7f2fd7af6166f7234aa5cbf4974a1375 The package's npm preinstall lifecycle script runs an inline node -e payload that collects the installer's hostname os.hostname and OS username...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:21 p.m.13 views

Malicious code in @orion-design-system/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4218505b74ba258cea12df713bbc27db9fa58d6660cf83e6d0c5fd8a9f68a4c2 package.json declares a preinstall script that runs on every npm install. The script uses node -e to require os and https, reads os.hostname and...

5.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 5:11 p.m.13 views

Malicious code in requests-toolbelt-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 3:8 p.m.13 views

Malicious code in crypto-promise-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00594a3ae015e55e13c94c904866eae7b86a39b904b2d79469c4b59508c3918f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 2:9 p.m.13 views

Malicious code in argoncrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca59273c7d2b5b7797e301ab861354081dbbb6c47209858459be0ada49036167 On require, index.js spawns a detached, unref'd Node child running lib/initializeCaller.js. That file decodes a base64-disguised URL...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 1:34 p.m.13 views

Malicious code in solc-compiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db07dc6d910303b81dcfab09279484fcfa83409addff755a29d58b1d0dff495 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 1:34 p.m.13 views

Malicious code in solc-abi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5ecbb6619ae13314417faab35b315155c9a55f98dfdb707fe44edfe1f7e7356 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 1:34 p.m.13 views

Malicious code in solidity-abi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d00c844413b4c809e5d57d1952a17f67f2c72324fd379c91d5fdd8aa3fdd9da9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:29 p.m.13 views

Malicious code in getd-typescript-eslint-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:28 p.m.13 views

Malicious code in getd-content-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44eb41541c340c710ad8afc366ab4642d3809d8d9afef53b99e3704b9dfb684b The unscoped package name 'getd-content-management' impersonates the legitimate @getd/ npm scope acknowledged in the package's own README. On npm...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:25 p.m.13 views

Malicious code in getd-web-corporativa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6751d3ca04c2ae596f7e809e339770edaed576060d361c061311960b0a3a7033 On npm install, postinstall.js performs an HTTPS GET to a hardcoded webhook.site receiver, leaking the installer's hostname, OS username, platform,...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 6:3 p.m.13 views

Malicious code in fhirproxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96e092973bad8e995bdec34000e45943e0be59996e84f181ee4bee9cd423f8eb [email protected] is a thin loader package whose only behavior is to pull and execute the dependency fhirproxy-utils. package.json declares both...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.13 views

Malicious code in grateful-payments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a7a07a0a09ed8037058353b9b9b067e25e3cbe783eaab8d54276d490f823471 On npm install, the package's postinstall script src/canary.js performs a DNS lookup and HTTPS GET to the hardcoded host...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:40 p.m.13 views

Malicious code in @klapp-otp/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:38 p.m.13 views

Malicious code in @nstrlabs/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 608be3457e7c809e60c1b76b9406489652f0ef708bfb97db2b6e0bb92b6836c2 On npm install, the package's preinstall hook node index.js || true, declared in package.json automatically collects host identifiers — os.hostname,...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:37 p.m.13 views

Malicious code in @klapp-kyc/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca32e3aa7685d93e36eca726e08096bd0c5ba425172ef254fdf769cc09b46887 On npm install, the package's preinstall hook executes node index.js, which collects the installer's hostname, OS username, current working directory...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:36 p.m.13 views

Malicious code in @payment-review/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d624eaefbb0245bf0c9a7b598c461a3ba5ec48005cfec223898062741ef8c2e package.json declares preinstall: node index.js || true, so installing the package automatically runs index.js on npm install. The script collects ho...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:24 p.m.13 views

Malicious code in mazemap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 751317dcad79cec866b8dc69cd60b39e3be8e1bcc45746039835b04ce32445b0 package.json declares its only dependency ltidisafe as a direct HTTPS tarball URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.0.2.tgz...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.13 views

Malicious code in ac_semantic-ui_ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b97f7d3e69494d0415e13aec8d9d51ce1f5912d8c1de45a1e563e2d1b01d3d package.json declares a postinstall hook that runs canary.js, which issues an HTTP GET to bare IP 157.230.17.236 on port 80 with query parameters...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:16 p.m.13 views

Malicious code in @oplus/obus-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed41b3738a8034ebb2e92744dd0891812f6c6fdb278e78c377045a86f2b5a34d On npm install, scripts/postinstall.js collects the installer's username os.userInfo, hostname os.hostname, current working directory process.cwd, an...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:31 p.m.13 views

Malicious code in cubifyanything (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cab88d6047b15dbb32ca245f083a7eecd1df75ce183d47637c6c9edf5cfd0b4 cubifyanything 1.0.1 is a dependency-confusion squat shipping no real functionality top-level cubifyanything/init.py is 0 bytes and a setup.py that...

5.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:7 p.m.13 views

Malicious code in @0xlr/clerk-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff421a5ccb412fd8455e89a1b9875b427ed34af12fa4b188ed4418cd8f52a74 On npm install, postinstall.js enumerates the entire process environment Object.keysprocess.env.sort.forEach along with hostname, username, home...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:7 p.m.13 views

Malicious code in ui-weave (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee5b1184b3208f8eee80df74c37c809f93461564a9226e1f82e1d551770d799a package.json declares postinstall: node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...

5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:6 p.m.13 views

Malicious code in @0xlr/supabase-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0feb7f8ea3069b0e830043fea195c088ea28709cc18a32676f389c61a15fc84c On npm install, the package's postinstall.js script enumerates all of process.env and collects host identifiers os.hostname, username, homedir, cwd,...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:5 p.m.13 views

Malicious code in savant-listing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7360e78a5c5d56ea9323cde1f41e33ce8cc6b625034ef82d067bbfeafee60461 [email protected] is a dependency-confusion squat. package.json declares both install and postinstall lifecycle scripts that run curl...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 3:10 p.m.13 views

Malicious code in progerss-cli (npm)

progerss-cli is a typosquat of the popular cli-progress package that ships an obfuscated payload executed automatically on install. The package borrows trust from its victim: repository.url is set to https://github.com/npkgz/cli-progress — the legitimate cli-progress project's own repository — an...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 7:55 a.m.13 views

Malicious code in ethereum-kit-9 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+. postinstall auto-execs, src/index.js harvests /.ssh/idrsa+ided25519+Sol/Eth/BTC/Tron/Sui/Aptos wallets+.env+seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894 not rotated. Campaign now...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 3:26 a.m.13 views

Malicious code in solana-core-4 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:22 p.m.13 views

Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:21 p.m.13 views

Malicious code in solana-cli-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd On import solanaclipy, the package's top-level init.py unconditionally invokes report, which harvests standard developer-side secret material and POS...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 6:25 p.m.13 views

Malicious code in bittensor-burn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f546bfd362dae8aed49775bf13961c3540c29ef6fa54f484bf57e978d775be The package markets itself as a Bittensor burn-rate monitor but ships a compiled native module bittensorburnwatch/core.cpython-.so that reads the...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 6:4 p.m.13 views

Malicious code in xforpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6ebd6a0497e01ef631a2c357263bd1af23d88e8d9a9ae46fe39110571949198c During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 4:16 p.m.13 views

Malicious code in odoo-addon-spp-base (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis da9c7bdf0b4ac969bfa720be2b3f87caa4c82a6d3ac7eeda5e74946aa3c1a1de The OpenSSF Package Analysis project identified 'odoo-addon-spp-base' @ 99.0.0 pypi as malicious. It is considered malicious because: - The...

5.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 11:10 a.m.13 views

Malicious code in quickwinston (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 304b4e430bff604f20121bc97398fa6ee18a25c16187d31b6553248bc54e63c7 The OpenSSF Package Analysis project identified 'quickwinston' @ 3.19.3 npm as malicious. It is considered malicious because: - The package...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 9:27 a.m.13 views

Malicious code in nodemon-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e62de7b45c63185183f5fe120bd363a176f70cb28d4abfeec9a3686b320a0b96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 9:0 a.m.13 views

Malicious code in nodemon-copack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c19d51ffe2ef2fc40ac2efc32c5abe45d0f04280090bf17114c9cf87148cc1e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:54 a.m.13 views

Malicious code in tlask (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b3ae446f7b8d808b84c157ec455883e0bc45e4f4180e51c5cd42ff9852712a2 Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/07 10:25 a.m.13 views

Malicious code in sequoia-engineering (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2f9c2bfd3d6035b7f58ea95bdcd1329af80adec3c1ef84cb1a8412c6d4c3bf9b The OpenSSF Package Analysis project identified 'sequoia-engineering' @ 2.2.2 npm as malicious. It is considered malicious because: - The packag...

5.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 7:2 p.m.13 views

Malicious code in uhd-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cd16b0b6896b16874da441b7197b846bf0c725dcff0ef2d6e8f93c6cc08fc99 package.json declares scripts.preinstall: node index.js. On npm install, index.js lines 4-5 performs dns.resolve and https.get against...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.13 views

Malicious code in phenopacket-store-toolkit (PyPI)

The package phenopacket-store-toolkit version 0.1.7 contains a malicious .pth file phenopacketstoretoolkit-setup.pth that executes a Bun-based credential stealer on every Python startup via CPython's site.py exec mechanism. The payload downloads the Bun runtime from the official GitHub release...

5.5AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.13 views

Malicious code in mem8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d2fc000f15b66037b67d503cef346f32d400b0cc704417b28ff6c559c9924d8f Versions 6.0.1 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

5.5AI score
Exploits0References4
Total number of security vulnerabilities5000