Lucene search
K
OssfMost viewed

226442 matches found

OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:22 p.m.•8 views

Malicious code in sq-minimal-feature-flags (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:21 p.m.•8 views

Malicious code in rubylogger (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:21 p.m.•8 views

Malicious code in resolvrtest (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:21 p.m.•8 views

Malicious code in rafka-rb (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:21 p.m.•8 views

Malicious code in doctolib (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:19 p.m.•8 views

Malicious code in suficloud (PyPI)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:17 p.m.•8 views

Malicious code in prometheus-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:13 p.m.•8 views

Malicious code in elleuchdhsolvepwn (PyPI)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 12:10 p.m.•8 views

Malicious code in bsure.utils (NuGet)

--- -= Per source details. Do not edit below this line.=-...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/18 6:42 a.m.•8 views

Malicious code in rowrap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 606ce541a3ef4a98e4e1639e96c6431e7ec83be6f987c640a63c03991eae4f6e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/17 3:9 a.m.•8 views

Malicious code in ember-power-calendar-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55191162c66f85fd90f4c2bb6354b569a7ab7cdc6a380289defcc8be784ed434 The package ember-power-calendar-utils was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/17 2:54 a.m.•8 views

Malicious code in graphlib-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fc5e5e2ae1439a28be92e99758c3253bf2bd09a568712a5d0725553b4836eaf The package graphlib-js was found to contain malicious code. Source: ghsa-malware 375768659fc55b18acf652226fabd9052c10c4f88d36f150317532bc8661df13 An...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 2:49 p.m.•8 views

Malicious code in n8n-nodes-format-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b8b8fc0a97b9f9e3203a35534d7ff6518dbe0e53753093610315382e5f40b0e The package n8n-nodes-format-utils was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 11:54 a.m.•8 views

Malicious code in @jaime9008/math-service (npm)

Package classified as malware due to code obfuscation, use of eval for code execution, and a low number of published versions. The file lib/lib.js contains same obfuscated malware dropler as malicious react-refresh-update package, the author is same for both pacakge. --- -= Per source details. Do...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in typescript-vue-apollo-smart-ops (npm)

The package 'typescript-vue-apollo-smart-ops' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in transform-dev-warning (npm)

The package 'transform-dev-warning' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in vue-scoped-css (npm)

The package 'vue-scoped-css' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in transform-member-expression-literals (npm)

The package 'transform-member-expression-literals' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in transform-modules-systemjs (npm)

The package 'transform-modules-systemjs' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in transform-react-jsx (npm)

The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in @storylane/uikit (npm)

The package '@storylane/uikit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in transform-es2015-duplicate-keys (npm)

The package 'transform-es2015-duplicate-keys' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in transform-for-of (npm)

The package 'transform-for-of' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/16 12:0 a.m.•8 views

Malicious code in transform-typescript (npm)

The package 'transform-typescript' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/15 9:34 a.m.•8 views

Malicious code in dgl-cu117 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f9fcfe9f469df3c132eca5b08bac4a30c146c7b1305f506fd900b1e78581b0d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/13 8:20 p.m.•8 views

Malicious code in fastapi-middleware-cors (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 305178589615e2247b892b3e305e5fd69a0fc02092f0b115b6b384441f5ddd46 Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/13 6:47 a.m.•8 views

Malicious code in tradepmr-fusion-core-drzak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c349b8764d0420102fac6617d31810af64e670f6939bed61097a46458ab41c4 The package tradepmr-fusion-core-drzak was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/12 6:9 p.m.•8 views

Malicious code in spectral-corsair-my-backdoor (npm)

Malicious package detected. Suspicious preinstall script exfiltrates data to a remote server. Multiple YARA rules and LLM analysis confirm. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0826a28f7948e68cdddd6260a01c3653a7f04deb2c9368054243ed47713ee353 The packa...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/12 2:18 a.m.•8 views

Malicious code in libsignal-mod (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 211e000c840d09f14adc470cd83c124e8a4e49249e78c8a759693e3678c63da2 The package libsignal-mod was found to contain malicious code. Source: ghsa-malware bb9ca486dd8fcc83473d13eb8fd8c5f8881d2be2d8301a167de2d40ad8513c51...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/11 12:41 p.m.•8 views

Malicious code in collectables (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e007c43e26edb912325f1478ec6cd5cd838b5d7e5ae62beedd3baa02638b3dc4 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/11 7:44 a.m.•8 views

Malicious code in anontest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4d47757d3ee2d0dde7ed82934a06bf64343c344a7b090cf77f05dcd73f813a5 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/10 1:4 a.m.•8 views

Malicious code in iron-fit-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67d3440b6e1d8f6bfca21cf53c207a766d966cc2ba5033d8557c044c91a8b950 The package iron-fit-behavior was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/10 1:4 a.m.•8 views

Malicious code in iron-media-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548ed1fd1be98d1ed340a991d8db46117cdd8cdd2a43f625408015ed6714d778 The package iron-media-query was found to contain malicious code. Source: ghsa-malware 159ebd19facb8454d0a41a0815dc3f3c0516dfc4f7a7ac22c5ea3f106fd008...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/09 10:44 p.m.•8 views

Malicious code in jsonify-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a8aa1030a7553e5aa40c2770df5c5945ccce7110fbe89a5931b7003453aa08d The package jsonify-core was found to contain malicious code. Source: ghsa-malware 15401bad013f01305211dd3ab1307a4ac9383ef3846645fd154ab648ce77e956 A...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/08 4:29 p.m.•8 views

Malicious code in demozecosse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/06 5:1 p.m.•8 views

Malicious code in hostlists-plugins-default (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21b72625bb74661ae95d3317fe4384105bb6dd6d026b049f84a192aeeeeae9df Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/06 2:37 p.m.•8 views

Malicious code in @shenira/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3952357e13678bb1abb18600854c622a3c5596cff93e8cc3ba309a6f51fccb1f The package @shenira/baileys was found to contain malicious code. Source: ghsa-malware a2914e7416552719c1008f077553702efc5d7710bc760aa34eeaeede86535b...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/05 3:50 p.m.•8 views

Malicious code in pearpass-lib-data-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd09913040448b75ce4023605c2191efccf04f01c8e894d4044e8ee3a04fa67c The package pearpass-lib-data-export was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/05 3:26 p.m.•8 views

Malicious code in nf-referral-backend-placeholder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44ad77b1a6ac52b4914c8516043f3f52e27f4a328b2940bf5b4d9c63e66662b2 The package nf-referral-backend-placeholder was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/05 3:5 p.m.•8 views

Malicious code in spectral-corsair-navigator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4faab7d9e9e24067cf0a0ef23c529b2622cbb91b654a35430742ec584b827a54 The package spectral-corsair-navigator was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 11:29 p.m.•8 views

Malicious code in dakhara (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f530f4be41fa64a7275884280c22fb98a85accb8ef50538cd7677a109bfe3e29 Running the package automatically starts a Telegram bot waiting to execute remote commands. The bot credentials are dynamically collected from the pastebin. --...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 6:2 p.m.•8 views

Malicious code in optimal-spark-config (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1c1bf78d6e3b593fd29329b4175a48c645abf4b4b63e93db68f25221329d14c During installation, the package starts obfuscated code that attempts to exfiltrate some basic information using DNS requests and then likely cover tracks by...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 3:23 p.m.•8 views

Malicious code in demo-pipelinetest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cdbe67e8fa0e92aa8f588916bbaf7b0c041cd6613636172f671c1a6251df15e The package demo-pipelinetest was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 11:19 a.m.•8 views

Malicious code in gaia-marionette (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81308c35c4cad5bf3f87f791133f9aff53485b715060135829785be1d33b2e1d The package gaia-marionette was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 6:43 a.m.•8 views

Malicious code in turbo-json-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a239b53ed6cbc1e72aac660afa08204b9de36dae39068c30cf175ddd390b4fd1 The package turbo-json-parser was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 6:42 a.m.•8 views

Malicious code in typescript-constructors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844c09a21118cd1492d232a90aba55fce7e45e4558fe560c47b8a8c347138b89 The package typescript-constructors was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 6:42 a.m.•8 views

Malicious code in tailwindcss-forms-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a402948dc389c4a201ac4271a843d78a5131d377a3904fe178b51c6aef5adb The package tailwindcss-forms-component was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 6:39 a.m.•8 views

Malicious code in bmath (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b73a3f9e6d238ce5727a57fc31cba103d7e055670b067f001099b8f0c487519b The package bmath was found to contain malicious code. Source: ghsa-malware c3d39abb57e51336f455810ef3c907094fe6636bd1c6acf046edfa02720968d6 Any...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 6:38 a.m.•8 views

Malicious code in @powpegtest/powpeg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0acf5c813243b7a0b83c02048de4112604eb9ad97d612f3822206a0cfbf174ad The package @powpegtest/powpeg was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/03/03 6:38 a.m.•8 views

Malicious code in demo-ip-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f9378de5524843952c850c47aae7cc5373145c2b41032b764da720e9a0656f The package demo-ip-package was found to contain malicious code. Source: ghsa-malware 9377708b245cac5b751ac6dc75d9218b993bcb4cebed6f2049a542868f5df31...

5.7AI score
Exploits0References1
Total number of security vulnerabilities5000