Lucene search
K
OssfMost viewed

226481 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/01 3:1 p.m.20 views

Malicious code in update-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b606e43d802d06fa7b5d14f020e7727886462320dd05dca09c16887b15d5a37 The package update-db was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/27 3:7 a.m.20 views

Malicious code in test1sharp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 870c745216e287e72f189910e8bd7369f6d6aedbabf85077bfe170b2d1e1de12 The package test1sharp was found to contain malicious code. Source: ghsa-malware c18dd124c0c097c8c6e277f7fd86c791a6d988ecb5545f5811c669e6c1269a95 Any...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 5:51 p.m.20 views

Malicious code in urllib-slim (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 acbcedbcc1d5bafffbb66128eae99b1fdc6c8e62b65bedd8f62ee2790919d972 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

5.9AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 1:51 a.m.19 views

Malicious code in html-to-gutenberg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6381496c1a275836b5d3c11ca7f141ad32f84b5263450bf5cb3c9a91289dcd1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:44 p.m.19 views

Malicious code in check-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c25cbbb904c18028cac363ba66eb89d91301bd3204a8347834e52387b4b575e On require/import, index.js executes a top-level resolveConfig that reconstructs a URL from an XOR-obfuscated integer array, AES-256-CBC-decrypts it,...

6.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:34 p.m.19 views

Malicious code in mcp-server-git (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cf54d60f4aeb261f3b4c523293183b728b02bc20255aeab62d7f86c94adc7ed package.json declares postinstall: node index.js. On every npm install, index.js lines 14-29 reads os.hostname, process.cwd, os.platform, the npm...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:55 p.m.19 views

Malicious code in tao-subnet-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e068049248bc5c0b4fc56cb68f5453aedf6d6cb494df9d8bba82ccc2da3eb3ad Package advertises itself as a Bittensor TAO subnet burn-rate Telegram alert tool, but the compiled extension...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.19 views

Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:5 a.m.19 views

Malicious code in @emcd-vue/loans (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to distribute multiple malicious packages posing as internal tooling. This package was published 90...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/30 3:57 a.m.19 views

Malicious code in polymarket-data (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a690aea77d0d48fae2a4f500f434cc5d4fb5cde042b7b902b0ee647b97921dc4 The package attempts to exfiltrate sensitive data related to cryptocurrencies and API keys, as well as establish persistence. Likely related to...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:4 p.m.19 views

Malicious code in argpras (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40083a8e3e772fd09bb0fca7791e87c2b3edfefe3ad7495b34899b6a54b2b077 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:2 p.m.19 views

Malicious code in @rsi-community/hub-client-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1809bcf5bcd98744f995fb8ad94581a2708daa99f40bf4e4d563e17c5c81b4b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:2 p.m.19 views

Malicious code in @cplace-project-planning-fe/cf-project-planning (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 092bbab646c6ffd8575fb87711545ad5052a18b9a78c3a70fccbecf8fbe5619a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.19 views

Malicious code in @cloudplatform-single-spa/svp-interfaces (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.19 views

Malicious code in @cloudplatform-single-spa/svp-pipeline (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.19 views

Malicious code in @cloudplatform-single-spa/svp-managed-kubernetes (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.19 views

Malicious code in @cloudplatform-single-spa/paas-redis (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.19 views

Malicious code in @cloudplatform-single-spa/svp-anti-affinity (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 12:0 a.m.19 views

Malicious code in @cloudplatform-single-spa/postgre (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 2:20 p.m.19 views

Malicious code in token-me-uk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a058b653e7a491fdf0c9128b4d2d408c2cdac6a1784adc5f02a0975a0e669eb The CLI in cli.mjs reads its API key from process.env.TOKENMEUKAPIKEY, falling back to process.env.OPENAIAPIKEY and then process.env.ANTHROPICAPIKEY...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 8:6 a.m.19 views

Malicious code in @godscene/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1bd83a63f0426cc7c4e1a68886c36ff47de093d9b7edc6b410d16c928be50c1 Package @godscene/[email protected] is a re-bundled copy of the legitimate @midscene/web at the same version, preserving the original description, README,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:4 a.m.19 views

Malicious code in @qwedqwed/axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65cc6ad7f5d72e7e50a4493915cc5b8ce23b39b6f25ca5515228be44695016ca Package @qwedqwed/axios is published under a scope that does not belong to the real axios maintainers but copies axios's README, source, homepage...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.19 views

Malicious code in @antv/xflow-diff (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.19 views

Malicious code in @antv/g6-core (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.19 views

Malicious code in @antv/x6-plugin-history (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.19 views

Malicious code in @antv/g6-element (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/15 10:43 a.m.19 views

Malicious code in browser-interaction-time-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a76de4d97b4cff539b3c8793eae793a10581fc4379395a8d2528ab85eb098bd5 The package browser-interaction-time-demo was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 2:3 p.m.19 views

Malicious code in chai-as-streamed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fef1582aa7fb15599bd48e6f077be4d1a577d3916cf2c2650893f0406ede8ea3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 1:21 p.m.19 views

Malicious code in puppeteer-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 280757b24c4ec5428a205e302200508a0438aa8f51e0a6ad95dbd3728f6a4db1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 3:9 a.m.19 views

Malicious code in github.com/BufferZoneCorp/config-loader (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 3:9 a.m.19 views

Malicious code in knot-date-utils-rb (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 12:0 a.m.19 views

Malicious code in camelotlabs-sdk (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/11 6:15 a.m.19 views

Malicious code in import-zod (npm)

The package 'import-zod' is part of the PhantomRaven supply chain attack campaign Wave 4. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.artifactsnpm.com...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 3:10 p.m.18 views

Malicious code in field-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0112dc4801bb261e86a2f68d5fd49b6c955bb4e82f872c72e61e49cc638ca91c package.json declares both preinstall and postinstall scripts that run curl against a hardcoded bare-IP HTTP endpoint http://3.7.226.146:9000/callbac...

5.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 8:53 a.m.18 views

Malicious code in ezllmgen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9ad551d9ee9ad2f3c29daab0377c3e52289324e938e28a3b58d71c60e8e15e8 setup.py downloads the first line of https://pastebin.com/raw/yBcUM1QB via urllib and passes it directly to os.systemf'cmd /c "cmdpastebin"' during...

5.5AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 9:38 p.m.18 views

Malicious code in salesforce-sysutils-diagnostics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59e4ce1338f2439a1a5b2d257b96aadaef4a9c2883f6787343856728514bd148 setup.py unconditionally invokes curl at install time to POST the contents of /tmp/fake-keys.json to...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:16 a.m.18 views

Malicious code in 0x2ai-demo2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ee2445b2f0b01d2457cf45c188b310f58c98f3b676032f9c6213469f071239 On npm install, scripts/postinstall.cjs recursively copies the bundled payload/ directory into INITCWD the developer's project root via fs.cpSync. Th...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:34 p.m.18 views

Malicious code in mcp-server-notion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2 Package occupies the unscoped name mcp-server-notion to catch misrouted installs of the scoped MCP Notion server. package.json declares "postinstall"...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:18 p.m.18 views

Malicious code in db-xorma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1428486c71a3cd7d89ea90a17631bb5dc0fee7e11a6cbb4d8029a8b25268c7d2 db-xorma advertises itself as a reactive in-memory database library. When a consumer creates any Model instance the documented entry point, the...

6.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 7:49 a.m.18 views

Malicious code in nhmpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b2d6b794431c52ef6b905eb676d70274a792cbca1b266a3405734a7a900860b Typosquatting package published from a compromised account with an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed usi...

5.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.18 views

Malicious code in coolbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55bfdad112134e980af7568a9138be1e4b940f7bfbeebad2b0f85d9337a0f44 The wheel installs coolbox-setup.pth, a Python path-configuration file that Python auto-loads at every interpreter startup any python invocation...

5.6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.18 views

Malicious code in autotel-pact (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4037ca9204d792112d198342524b35664de796ff675a0dbbee14a33874b30d57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.18 views

Malicious code in executable-stories-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a6c7977dbc054cdb7fe56da0d2fbd26e2a6fed695deb4263ccbf4adfedd86acb The Miasma malware is a self-propagating worm that spreads across the npm registry by abusing weaponized binding.gyp files to achieve...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 8:49 p.m.18 views

Malicious code in hello244a (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9bc9153129c6d11cd92a3d5bf7f772d768196014df7a42897d137d6da954085 package.json declares a postinstall script that, on npm install, 1 enumerates process.env plus os.hostname, os.platform, os.arch, and whoami output,...

8.3CVSS6.9AI score0.78684EPSS
Exploits21References43
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 4:47 p.m.18 views

Malicious code in sf-silly-goose-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1b2d16ce881d1e9b356ed424f8144ce9324d09010efa8761ad13ac8a46e7b60 Package uses trufflehog to detect secrets and exfiltrates them to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, lik...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.18 views

Malicious code in @redhat-cloud-services/rule-components (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/31 3:22 a.m.18 views

Malicious code in cscc-glass-house (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240 Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF. --- Category:...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:9 p.m.18 views

Malicious code in midoss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73bce73a188c2742f2c66ec85906c0bea50468d8c606fd6d38d4ea5698119007 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:9 p.m.18 views

Malicious code in customerdigital-service-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d58926a994bd05ac4db3c984f96186b2d52da1235a3f56f34843c01dd2246408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:9 p.m.18 views

Malicious code in appkit-react-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49e8fbd1c8061ffedb22f37a8fa90ca96d9830f45d7d318f421681c558aec29d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Total number of security vulnerabilities5000