225893 matches found
Malicious code in ent-file-upload-widget-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3fa37bcf44d315b1004c09b9e7c5d2089e62db393cec4a977fed97b12e3432b The package ent-file-upload-widget-v2 was found to contain malicious code. Source: ghsa-malware...
Malicious code in queryservice-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 92aafbccc7065760e0127931c5150c59561f3b753ab9fe79dbcbdafd1aef97dc Dependency confusion PoC that exfiltrates also potentially sensitive environment variables --- Category: MALICIOUS - The campaign has clearly malicious intent,...
Malicious code in @vietmoney/react-big-calendar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38aebebed4a38e2464d8abb76fbda4a16d4cf03b372124ec3d069c63f6e79f2 The package @vietmoney/react-big-calendar was found to contain malicious code. Source: ghsa-malware...
Malicious code in awsutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 86d4af9fafbcfb6e3789a38b426c744e4ac67da10eb1fa225be3a715189fb1c2 Dependency confusion research package with advanced module-mocking --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also...
Malicious code in backstage-plugin-glean (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824531546cd7527be37fc4aa5ca2020424a1ecf090eaba3a8974105871c0931f The package backstage-plugin-glean was found to contain malicious code. Source: ghsa-malware...
Malicious code in yunxohang4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d338ce37d2952ccdcf9637c7dc760e409b9b046a0406e0aef49ef84d1ab6bf9 The package yunxohang4 was found to contain malicious code. Source: ghsa-malware aa3fc62cbb33b48a9dc4c66dd69e7a0ea084d25daf9ef0c90812126ac4d5f755 Any...
Malicious code in cc-raiesy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9156cfe8712328dc4de944c470b2da3184bc49c1c444febc9eccf20f1fd962f The package cc-raiesy was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in aiogram-sever-patch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f During installation or importing the module, the package starts a reverse shell to hardcoded locatiom --- Category: MALICIOUS - The campaign has clearly...
Malicious code in livekit-agents-hedra (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8391aaa11b2ae78ceba6cf6eea7b0671d2d21b32d838b94f4504afa13ea832ce Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in adril7123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07c158e65a09b5e455b852acb29ec1b107df59e30a6b3760fdbf3272532b64d2 The package adril7123 was found to contain malicious code. Source: ghsa-malware 94f91e9ba95b42dff0bf2cb7a9885e66ce64b1ff324967c5ed24203322917e15 Any...
Malicious code in secguest-react-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b76ab99d9a667e9700bb0176dde546ff3748b742775ea322766035a730391891 The package secguest-react-lib was found to contain malicious code. Source: ghsa-malware...
Malicious code in supply_chain_dummy_test_3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1963b5503ceeb0e8ed806c386f27edc1761eab24549419a8911a00f525b4a4c The package supplychaindummytest3 was found to contain malicious code. Source: ghsa-malware...
Malicious code in test_gem_978483406ebb19126a2e8c001649a4eb (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in stripe-rubocop (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in stripe-backup (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in redis_connectable (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in hockeystick (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in chalk-service (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in mui-wrapper-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 990f5534f23c3e77faec1b92be83c7827d3136d03abcfefd245b8fa4f987bd52 The package mui-wrapper-core was found to contain malicious code. Source: ghsa-malware ba2ba20b7b8b4a7fae1afa52854fe8be2f326067033269e32445cd20cbad44...
Malicious code in cloudy-uvi-sense-v11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff56869fcef2b46c119633fc140a8c99af63e3e4a7e05c5e75f3fc64213dbeb2 The package cloudy-uvi-sense-v11 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in elf-stats-cocoa-workshop-459 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362f3da17da5b5a6cbb8124715f6d31867664acc26b4bbbe8537ba02c9dc9677 The package elf-stats-cocoa-workshop-459 was found to contain malicious code. Source: ghsa-malware...
Malicious code in test-mal-npm-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60f6f3e205b514fc5d9c6e98be4d3b0bf7049c38a0ff62e678584aaff50fc643 The package test-mal-npm-pkg was found to contain malicious code. Source: ghsa-malware d97b7f5012899a502ba9d154bc5f146717e56795f702823294ea3636b433c7...
Malicious code in elf-stats-ember-cookiejar-768 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64860e1be767b489bc4e42e9766a560535039c2fae91c6d067c1d0a52b7782f6 The package elf-stats-ember-cookiejar-768 was found to contain malicious code...
Malicious code in EffetMer.darkgpt (VSCode)
The package downloads and executes a hidden executable from a malicious URL...
Malicious code in fdir5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e6863b32353d63e9eecdc0ff2ce31db470ed49deb7ccdee067795e37e92bb72 The package fdir5 was found to contain malicious code. Source: ossf-package-analysis 5fbb878466820a17ee68843707334225006abad5203a6e4fbc61130d466028bc...
Malicious code in elf-stats-peppermint-stocking-949 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbb5ceef86f21613919365dd7efa729077eba63c28b1d901abc6229022ea4d32 The package elf-stats-peppermint-stocking-949 was found to contain malicious code...
Malicious code in vitest-environment-jsdom-patched (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e0d8ae07807d73026bd13988c3341aecf8375b53ae436d03f80110884c5d84e The package vitest-environment-jsdom-patched was found to contain malicious code. Source: ghsa-malware...
Malicious code in @productdevbook/chatwoot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda41100770824c109d5241de77b76c8a44d3ce71c841114d5f1d02131041ae0 The package @productdevbook/chatwoot was found to contain malicious code. Source: ghsa-malware...
Malicious code in @accordproject/concerto-metamodel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1581131b6f7d752a2f26c167db5c144e33b737febc23f3e156f76a1b68e763ae The package @accordproject/concerto-metamodel was found to contain malicious code. Source: ghsa-malware...
Malicious code in jquery-bindings (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31127dd6191c9d3e68e94d705b43d24066f06f37b41f659a5a6831a8a811fc11 The package jquery-bindings was found to contain malicious code. Source: ghsa-malware eb6c4671167bd91b31b632f661a4bc8a3d627412796b9899fae3d0797eb51e3...
Malicious code in react-native-datepicker-modal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86014f2b55c2d58c217fd51ebbffc71cbc86fad9b13d443647f1cb11c19c7ade The package react-native-datepicker-modal was found to contain malicious code. Source: ghsa-malware...
Malicious code in @zapier/ai-actions-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0711da4a6c6d0dbc599d757b367430a63ae51f6f4fb48b6758fb21ba718b0778 The package @zapier/ai-actions-react was found to contain malicious code. Source: google-open-source-security...
Malicious code in @actbase/react-absolute (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed7fad65f30e84a768e6bfde1db53365d73d067672f3722603eecc021adadadd The package @actbase/react-absolute was found to contain malicious code. Source: ghsa-malware...
Malicious code in @aryanhussain/my-angular-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db21c30964586d84965ff2e4fd343156117c9f05c9ad2cfe6b1705d802862e13 The package @aryanhussain/my-angular-lib was found to contain malicious code. Source: ghsa-malware...
Malicious code in @posthog/rrweb-record (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19ff125dfd13ba489699b36ca14acbab8e87eda739d43d9a31ef2a3a59903398 The package @posthog/rrweb-record was found to contain malicious code. Source: ghsa-malware...
Malicious code in zapier-platform-schema (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6a8e70a62a44d7da3a1f1caeeb67241d97ac421579751019149dbdce044bf6a The package zapier-platform-schema was found to contain malicious code. Source: ghsa-malware...
Malicious code in @posthog/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57662af8290901771cf534d8b1ca05ca88dfd84054580144d934f730549a4653 The package @posthog/cli was found to contain malicious code. Source: ghsa-malware e663c40b9060088ff86ea24eec083b9b5bf8afdec2e1963895e47e5177a673d1 A...
Malicious code in @ra-ide/tag-editor-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c33209550ea4f214f4a53a91ca86598ef1ba273d7dae04de11effd081d8cd75 The package @ra-ide/tag-editor-frontend was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in spawn-webpack-nightwatch-slides (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 318806806d481ef740dd17c622bc164b94a295e29a9282fc7c00d3951dfeaee0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mui-xerxes-proxima-cassini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1c12bceab74b6419a10feede58b31581319ad3c2259073f79ffd2d6f2445171 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yakutsk-alphard-winston-nconf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42520c8dc3cb5fcd945016e4d3fca6d736c2b65f9e37c7c765d7c18be63ba45d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in beta-enum-notify-view-stack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61bccf3f703fef5887b6554bcd18352453f796633476d23cc246ea564274a9c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bunyan-areology-glaciology-charon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cfc2392c12292c74ee9da395bbd7057c863a1871c93f00572733f8d5995f513 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in boson-style-loader-less-loader-superflare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc2f50bd5b7c71fb5520c30b341fe247f8acbf2e602197b32e39a8de63489160 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cressida-jwt-loglevel-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c579391a28b717cc3bab01d83cefe0a9573ccb0c4b8dee4c27e98fcb9b1adac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in compress-tau-enum-book-serialize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 011955a099f66e34708fb647958242177ccdf3234a3a83ae84802211bc3be1f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in radioastronomy-photon-eslint-apollo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a645989f783782e13048984e4e9fbd513842be85a2bee02ecbb304166d33afd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pegasus-filament-meteor-impulse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4aa9a3400f1241a8a8b6722778c946764f66a673ba27b0e9c822be836a418815 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in readable-enif-module-saturnology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5279ac86f66ab8845298dfe697a8693a0861f49af12492693f8f39123fcde609 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in test-cache-rehype-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c6d134b4980b93d8c9ca0986a32a823ed1185745ec35ae4127978f61c7e7324 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...