225888 matches found
Malicious code in es1int-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09abead9af9906c0579f5cce39e4e75fd445a6edaa1a5380db01ad7dd1e274f8 The package es1int-config was found to contain malicious code. Source: ghsa-malware 3eb94b9e72fc93f339c87b961f88c598fb78ecd2d5e4aad405d17c7eb3d513b2...
Malicious code in chai-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27a98b20486f7e7fafdfb30cb31c6f9aaf7d2e05e776a7d59b09dfd9db11e12f The package chai-tools was found to contain malicious code. Source: ghsa-malware cd9e9e8b30b139d7ad4bcef06753d2e9b1896845322a40e0cf0ff862adbcb3d8 Any...
Malicious code in es1int-re1ease (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e956be3193d45095a913fddc50d7cfaa4954268fb94b94c2234ecbdfedf20a9 The package es1int-re1ease was found to contain malicious code. Source: ghsa-malware c78523a62c16466f08157a46028124f655a0bf4e92f9b7f64eef705b40c99086...
Malicious code in ultimates-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 199dbb458ff55c6d08022e6326014d56aceb99ef7748d6e898a6faac9bff201b The package ultimates-express was found to contain malicious code. Source: ghsa-malware...
Malicious code in request-httpx-9 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d8547656202b4eac0d914d466c2fe1d3bf17210c63af75ac2d8e020f5d0ef28c The package contains a Telegram bot running allowing for remote access. This functionality is disclosed in the readme, but the package name clearly indicates...
Malicious code in cnnct-eaas-corre (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 2111dcd49405f8c078842cf7af9cfe21ddb54f558d66f2949da752d0e62cddd1 This package appears to be a typo-squatting attempt targeting connect-eaas-core...
Malicious code in scraper-npm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5705e85e8288aeffbfe964329624dcbb5b2e30cebb0023da5b605ee5fb0aef4e During import, the package exfiltrates files especially .env and JSON and eventually configures a backdoor by adding its own SSH key to the authorizedkeys. ---...
Malicious code in tensorflow-opt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14 Package is likely a dependency confusion against some legitimate extension packages for TensorFlow but contains just cryptominers. When calling the "start"...
Malicious code in trunket-dev-driver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9ed872a63bcf6182fad3d7b6cfbe87019ff531f1ecff3a511b10371479c79810 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in iruchache (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c89a5662924927fa4f51ea9338e9e71722d8554754b9c6a42d20651fbf209ed1 The package iruchache was found to contain malicious code. Source: ghsa-malware b44470c4008c04639889f53b9b4ab430335013659859007be3c55f551d2d68a9 Any...
Malicious code in web3tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 50b63ced7e162150a14fbfb557df8683707b72b361caf1243a14468fd910a036 The malicious code is in the ethrpc-keys package, which is a clone of legitimate eth-keys, but contains a modification that silently exfiltrates the user's...
Malicious code in polyclawd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1f994af0e1b17c0d30e950a5aef9a45d8e34f6f59ab45fadddb05b340ed5cdad The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...
Malicious code in webpack-vite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f7b28a9002453a46c97bba5ad0790e13ba1ba656971e78de46edf6efcd53154 The package webpack-vite was found to contain malicious code. Source: ghsa-malware cd525d679fa448615bd48fe06d94f5cd6d94cb97f6ae72ae6afbb179027cce9c A...
Malicious code in alibabacloude (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c45df7f85cfaba4bf141f0a17ba2d0987e080131bab1f1233798a1287d63fa7f Series of packages impersonating Alibaba Cloud. Two oldest hide code to run obfuscated code, but are likely to be used as dependency as the obfuscated code is...
Malicious code in groq-ppe-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 517d20a09a1e53ce02484aa25ab2483ef75022e96f76d72fe3125bc1e16a359d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in strands-agents-anthropic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b86e2f5ba17218d5e9377627cc2c437009cc3dc7c6615c87b8317995614288c6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in responsible-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05c11d73745aba3675053c5e949e3d5cf48ec050f6c5df589f613c094a8a038e The package responsible-ai was found to contain malicious code. Source: ghsa-malware 9b9159173d856834d97152b44c3f78779ff8f3dd4368b5d113920865417044c3...
Malicious code in open-answer-engine-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c367c12ff794a5b5d5562c0a1a8ab6225007fc76fc23310d8ddc33dda56b8112 The package open-answer-engine-frontend was found to contain malicious code. Source: ghsa-malware...
Malicious code in responses-starter-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83a4aedeb600114d998f8a0351978f589d1d3e9d55ebe061e7d25e95db19d2c7 The package responses-starter-app was found to contain malicious code. Source: ghsa-malware...
Malicious code in xsstesting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f21a18d9a86ac4934f1f0b7970e4530834a2fedfa1c2c3abbd3e2d3e3c664f9 The package xsstesting was found to contain malicious code. Source: ghsa-malware f0cd84b068f1b6a6bf2ac129128c0e052ca218788bc569eedce535a479333fc4 Any...
Malicious code in acpi-tables (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7388183e13e400f894ed9f6f93e05049f6f4719b1610d7c26a8b52bf88901266 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in arrayvec (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 39346af7e82bdb4aa8dca53b864258b9ffe328ea982aa3009b62b84d174ebe29 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in stylelint-recommended (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3f0d274dda57eb9c09967bc0bfad1709fd8ddcbf3ec4c0e7e9828826e6d0d9a The package stylelint-recommended was found to contain malicious code. Source: ghsa-malware...
Malicious code in ritch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc0d5c6c0c3175de2d5def02fe422574cfee5f7fe3a88f894de7122aa9dcf588 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...
Malicious code in pydantics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dda36b358c57e79abf804d53d4750cf2836f930b07aa524c0b5c4d231d92143f Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...
Malicious code in pandaai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 df1ebe5561b29a204a7e66d7c192f0f6e3814311636ca14cdeffe47b8f812810 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...
Malicious code in python-files-mod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as file system manipulation library, the package hides an obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
Malicious code in realestate-atlas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6230992468654fdc80201d169ead3ce06356bb7cf36f8367f076d438035959a5 The package realestate-atlas was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in dev-pipline-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 20dee9221f632983ab927b06c661fda3edf9bea9f5369620acdea3631511876a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in json-mapping-sources (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77824e69a815d8ac27a50bb52fa0a39fe2c7e512e6597d3aefd500b0eae847e8 The package json-mapping-sources was found to contain malicious code. Source: ghsa-malware...
Malicious code in ctf-pipline-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 083eedb7c9187410d3470ab27415ee2e6a7683ef92bafce123198ce9882e07a4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in @skyeng/libs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4b92505d9c0107026c2298d6ec8da504657990b61e40754b62b2cb8e1bd5a0b The package @skyeng/libs was found to contain malicious code. Source: ghsa-malware b4801b107979e502d4889dc729885a390ebfc2db995cd1b2fd23d27e09613a1b A...
Malicious code in carcent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6672d1df7a6035da8ee0a2c7a4ed9e7e5bace551e5948fd2e7d7d31a18410a1c Package collects and exfiltrates Discord credentials from multiple sources --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in @rsgweb/modules-core-feedback (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c68d1fafad6a94ebe843e20901dd8e5251d0b27b963d07e71ecefbd16c7465 The package @rsgweb/modules-core-feedback was found to contain malicious code. Source: ghsa-malware...
Malicious code in @rsgweb/rockstar-account (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd40e663999d2780e2e131fd5da090045d623032e6c51db70d0bd65cf583101d The package @rsgweb/rockstar-account was found to contain malicious code. Source: ghsa-malware...
Malicious code in @rdxportal/ui-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6715dad49a0781dc55e72ae77bd13276de1564d08cfd1c0a3c3aebf37b72acc The package @rdxportal/ui-components was found to contain malicious code. Source: ghsa-malware...
Malicious code in @hashicorp-internal/vault-reporting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85e2c508de22734977cac24ec430b5cfece85e6367f577df76caa740b5594eb7 The package @hashicorp-internal/vault-reporting was found to contain malicious code. Source: ghsa-malware...
Malicious code in p7zip-full (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 af6725a21a64c36ce8e101fd062bb45cb87fdb8cb62df47538390c6c1fc4323c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in ppe-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1914d3cfcb631f551660417c0441d7e6eb3929ee6c4cadd6088e551462ead553 The package ppe-test was found to contain malicious code...
Malicious code in ac-dom-nodes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b323cec1a59645d9dcb2c0951a0f7d31b362ac58e4f930306a940ed67037b20d The package ac-dom-nodes was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in ac-polyfills (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a7d9d049932519bded5d12b8627523ef63dac69179b1ce873cf4cd8b7fe6849 The package ac-polyfills was found to contain malicious code...
Malicious code in test-npm-style (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38db992411a56d07cbda15c79d3428dddd769488313604ade2606f11da3e6e4c The package test-npm-style was found to contain malicious code. Source: ghsa-malware d89c00ba3209ce1a4f9ffd6f70034eacdb716fcd4d36b0a7f51bca6ad53b9392...
Malicious code in pipelinepoision-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 30985e20ed386fc211690f5618db078ae8c782039fcc36d1109955b74c3251ff Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in conp-dats-editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adac2b3e811707a0113ec1484330ebada12a632966c81143eab49233e87cabbf The package conp-dats-editor was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @jes4l/react-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbda4aa24c8a13be0d237b206780fc2feb5778e65cebf430e2124e49a390cdde The package @jes4l/react-pkg was found to contain malicious code. Source: ghsa-malware 2bd5520cca8e57269ded7f69993dc5257f9085a6706d01d7bc60b17ec80534...
Malicious code in @purecore/rabbitmq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e503973dbf2c860017e4ea8118ddec5cd43a537c32eb8fca24ac544a86d8822 The package @purecore/rabbitmq was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-count-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bf23710693921f6b69d38cf0abd8fa7ce2f181bfa2df9fa9777f59e0e4954e7 The package react-count-sync was found to contain malicious code. Source: ghsa-malware 9a44b72820f2af0bcbd60f65787e0707617e4f7428aa2c9407bec9f8decb07...
Malicious code in remark-gfm-v4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb645996981f1453b9049a0d97b6f0b6c7ff4cadc29d4ccddd7f48cd65cbb21 The package remark-gfm-v4 was found to contain malicious code. Source: ghsa-malware 10eecf76003bd92639bb172deaa68448c44a5899c772fdcce927765011d807eb...
Malicious code in tailwindcss-forms-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c160bdf4857d48ea8df8ddf468e5a63432a60ced853eff31cbc5093966a044f The package tailwindcss-forms-kit was found to contain malicious code. Source: ghsa-malware...
Malicious code in graphrix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 999c8394a8d5c821b17e5e5574f8d881c1281de19cc1df8af7f5dc82efe8a57f The package graphrix was found to contain malicious code. Source: ghsa-malware 88b6625fcbb125b7b3432974b307d94dfbe798496eb8285a739807f9d4b413a2 Any...