Lucene search
K

226591 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 6:10 p.m.9 views

Malicious code in n8n-nodes-security-test-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa97d4701c29ef5305fa5b553ab560abd6db6cc33b72f99dc11621997b668f32 Package presents as an n8n community node but is an attack artifact. The node's execute in dist/SecurityTestNode.node.js queries AWS IMDSv1/v2...

5.3AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:4 p.m.8 views

Malicious code in lab-services (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4acaa72e3c14b79785540c878cb48f7a0cdc238d20ac9cebd6ffdd42061f6e7b On npm install, the package's preinstall lifecycle script node.js collects host identifiers from the installing machine — hostname, public IP resolve...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 5:4 p.m.8 views

Malicious code in scan-only (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...

6.1AI score
Exploits0References14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:37 p.m.10 views

Malicious code in swift-parse-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab8561c6c561b045d817d4fab3aa0754ce7cd767a3c5ec07b95151dda6b92c8 swift-parse-stream advertises itself as an SVG sanitizer/minifier but ships an undocumented getPlugin export in index.js that, when invoked, performs...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:37 p.m.10 views

Malicious code in quirky-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 1:4 p.m.10 views

Malicious code in sodel-pych (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95b8b8f54c9c2a4fa965e4a7fe7ea9c8f8ef1b5bcdd4cc1da7354d0ce2e8842f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:57 p.m.9 views

Malicious code in sort-btree (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c3b0d783c53decf1a240f02276991c7c00a8b72f0d3988a7e86be90464da38d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:57 p.m.7 views

Malicious code in @ignacionunez91/keccak24 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfec04815826725073e7a7203430d9019237923470f56874242b4f0c86a1ba91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:32 p.m.10 views

Malicious code in qrcode-generator-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2e3780245e75cd7c6d52efe4281c744dcfd740224d1d53a22228fb702a193e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:32 p.m.12 views

Malicious code in express-validates (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 664bb6a50d7278e22231a68d44872634603c698fff31d31e787c86a3291603db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:32 p.m.8 views

Malicious code in qrcode-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b22e1bf641d5ee5ced5547dd7cdd0f0e6a3525bf029dc3f276e85bb3a013019 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:32 p.m.10 views

Malicious code in tailwindcss-animates-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7250854be2f2ab8b43e62611a704a3c31d3f42180356e61955b4fc30fd2bcf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in datapersistence-steppers-ai (npm)

The npm package datapersistence-steppers-ai published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registe...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.5 views

Malicious code in enzyme-optimization-bluetooth (npm)

The npm package enzyme-optimization-bluetooth published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.7 views

Malicious code in platformspecific-webgl (npm)

The npm package platformspecific-webgl published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.5 views

Malicious code in interaction-photos-infinitescroll (npm)

The npm package interaction-photos-infinitescroll published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in custom-save-area-block (npm)

The npm package custom-save-area-block published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in datapersistence-profiling (npm)

The npm package datapersistence-profiling published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.5 views

Malicious code in ios-save-area-custom (npm)

The npm package ios-save-area-custom published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in personal-custom-button (npm)

The npm package personal-custom-button published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.10 views

Malicious code in analytics-readability-gestures (npm)

The npm package analytics-readability-gestures published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.8 views

Malicious code in request-tracking-sqlite (npm)

The npm package request-tracking-sqlite published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in dropdown-thread (npm)

The npm package dropdown-thread published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.5 views

Malicious code in jest-macos (npm)

The npm package jest-macos published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in framerate-interaction-permissions (npm)

The npm package framerate-interaction-permissions published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in flexbox-oauth-machinelearning (npm)

The npm package flexbox-oauth-machinelearning published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.5 views

Malicious code in macos-contentprovider-optimizingassets (npm)

The npm package macos-contentprovider-optimizingassets published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.7 views

Malicious code in streaming-downloads (npm)

The npm package streaming-downloads published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.5 views

Malicious code in virtualization-compression-collapse (npm)

The npm package virtualization-compression-collapse published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.8 views

Malicious code in pushnotifications-gesturerecognition (npm)

The npm package pushnotifications-gesturerecognition published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount i...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.7 views

Malicious code in buildautomation-touch (npm)

The npm package buildautomation-touch published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in lazyloading-haptics (npm)

The npm package lazyloading-haptics published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in notificationcenter-enzyme-jest (npm)

The npm package notificationcenter-enzyme-jest published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.9 views

Malicious code in font-picker-responsive (npm)

The npm package font-picker-responsive published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.7 views

Malicious code in touchid-images (npm)

The npm package touchid-images published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in designsystem-vector (npm)

The npm package designsystem-vector published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in async-protobuf-av (npm)

The npm package async-protobuf-av published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.5 views

Malicious code in userinterface-machinelearning (npm)

The npm package userinterface-machinelearning published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.8 views

Malicious code in onesignal-hooks (npm)

The npm package onesignal-hooks published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.8 views

Malicious code in barcodescanner-reconnect (npm)

The npm package barcodescanner-reconnect published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in documents-widgets (npm)

The npm package documents-widgets published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.7 views

Malicious code in expandingcards-socket-virtualization (npm)

The npm package expandingcards-socket-virtualization published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount i...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in accordion-animationtiming-authorization (npm)

The npm package accordion-animationtiming-authorization published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component moun...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.5 views

Malicious code in request-performance (npm)

The npm package request-performance published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in actionbars-infinitescroll-searchbar (npm)

The npm package actionbars-infinitescroll-searchbar published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.11 views

Malicious code in profiling-keychain (npm)

The npm package profiling-keychain published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.7 views

Malicious code in firebase-readability (npm)

The npm package firebase-readability published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.6 views

Malicious code in socket-network (npm)

The npm package socket-network published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 12:0 p.m.11 views

Malicious code in backgroundprocessing-contextmenus (npm)

The npm package backgroundprocessing-contextmenus published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 11:51 a.m.8 views

Malicious code in @mastra/node-speaker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 533edd2cc182364fb414aafe6f23015108d4464e3b5f929baf0360e271ec5f0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
Total number of security vulnerabilities226591