Lucene search
K

226511 matches found

OSSF Malicious Packages
OSSF Malicious Packages
•added 6 days ago•4 views

Malicious code in decimal-format-core (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. decimal-format-core uses a dropper technique: a postinstall hook executes scripts/install-check.cjs at install time, which fetches a second-stage infostealer payload from the C2 domain logstream-api.online...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
•added 6 days ago•4 views

Malicious code in console-fmt-cli (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. console-fmt-cli uses a side-loader technique: it declares decimal-format-core =3.0 as a dependency, which contains a dropper that executes at install time via a postinstall hook. The dropper fetches a...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 6 days ago•3 views

Malicious code in thirdwebb (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwebb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 6 days ago•5 views

Malicious code in thirdwb (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. thirdwb is a typosquat of the legitimate thirdweb package. It uses a side-loader technique, pulling in log-taker as a transitive dependency; the infostealer runs automatically via that dependency's...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•6 views

Malicious code in @webda-infra-ui/static-images (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de6fbd351b23560deb43b329757a782a6a013aa836ad3c2c221e38e3063af467 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•8 views

Malicious code in @bscom/styling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b4a6eb2b93e7ac0b6e45f2cc44f23127ef61b7d605b6c64f6bcbc58bdbe4543 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•9 views

Malicious code in @digitalpharmacist/http-error-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd3874246d23d6027bd09962515c8e79a0246740ff5fc6f853270c0a40271d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @concerns/i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b727ee2cbb3fadb59ee0ec7febb6db24f25e775ee3957c6765800a61de44289f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @sixt-payment/form-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d313848c4f3389f9778f070aa4c9a198c6cc7e5eb4b9a56b3d3d7cf87569d3c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @deel-ui/animation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40504b8c9169f5f475a82e0a1e5177c78446954bd6730123eedfcdc5c502ff71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•6 views

Malicious code in @deel-core/client-payroll-onboarding-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3dfba47c3f4cac91620ccf85b9ffb1923927bd4489f5a4710c89e1d693ac2e61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @bc-workspace/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 323563f29fc05fbe5d3e9ca092294dedb76de8f32d8b4dee932158bc1ba9a206 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•6 views

Malicious code in @contentprod-authoring/block-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa028931eef026447363bc2ef44ace207f4f3226de4289e354d26d730fa28186 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•6 views

Malicious code in @alerts/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a825df408053d3df39c8fe0790b9e99ef97e51f60765549e1931709b86fcf30b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•6 views

Malicious code in @bodata/angular-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 28f93eec356e10b6e8b5f9598bbd31476544c4286e5ceedea58ffa3a84cb6569 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @cseo-hr/trpweb-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 271a8aa7172a0963e8bba9cbd4118bb42bf9604b18f38dd42e68222cffc6fd5c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•9 views

Malicious code in @appsource/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c331702ce64d0b03690c358afdf91a71ebfd87cccde0e69fd6934a690210cfc3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @postman-app-monolith/renderer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4ea9912817d4d94e8b97e2b588237f3f2cddc29058e81d8958ec78b4b90d961 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @react-thee/rapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3ff6174738ebdb9310458f1c0d1a21241a9ca718b0a8f40748956ff81544daf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @postidigital-feature/oneaccount-orgadmin-front (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4060c39db80353eb81ccea4c782c16b519931e13da0c78633fabd465d31df052 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @tbe-ui/ides (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb1396e277691530f1b9a5a14342e1241fe233ecf516574059f34f8df36dca61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•6 views

Malicious code in @planetlabs/admin-ng (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d602ccb24801de0e8aaf3bee4502df3355a4c592df876f322792873259d084a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•6 views

Malicious code in @report-portal/service-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7cda87aca7d018bc03c6897a4b7a1a849ffc93490d449277055972f54577444 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @druidsoft/botframework-directlinejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34ac6d117d0531ed668bd8df71233c07089b14c644a9403ee479976d75951fcb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @contenteditor-shared/content-editor-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fc086285355b04152703d1c9de2c2a48e3b70580c5f8cb02fa60918e52f47a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @cxp-shared/string-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2cd735ed6a2711ca0dfcb8cb4fee948afe5e923d6b56743b3fd7ee922bd8d14 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @hg-aka-prml/tapas-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0283140e8754f9cdc894794ae19307cf6235508d8f8cc75d97b900c1469d9393 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @orbis-lr-sdk/orbis-lr-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 447ee314f32023031250cefe4570378f31d8055a02384eccecb5c288ae6e2405 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @ms-ows/logging (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7ffaf65611a7bb55512d442ab6d19f3b1c702db0224b994e0b80df4f30e1dff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•9 views

Malicious code in @e50/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10a4c9b9b6682e1c953dc27df1a9f353955b087e65f242c7d03a20f32341dc87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•8 views

Malicious code in @meego-progressive/cdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a7205f38cfc6908e42b221ffcaf5118f3ef9891d4b1cc7c0798411cc7b0b349 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•9 views

Malicious code in @ddh-libs/analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 028c5bca22de48852fc2a515c4b82b332dac1ed117810a31a8298c1748c5db09 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•7 views

Malicious code in @fed-sofia/jetify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d52f83f746279f72c9c00fb264e4187de8c611e0d0dcd3d24ac98cfed4618f5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•9 views

Malicious code in @img-hls/vtt.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad530c5830e0148f1b5b34ac28336c1b1468d5a11ffa2ff265368e13199cceb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:53 p.m.•5 views

Malicious code in @content-editor/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af120addbb0e18e1202a82729c25dc190dba070fee695cc22bcb91c7eea6ad25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•6 views

Malicious code in @sentryx-libraries/auth-interceptor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 774e35b0d1dd89d33c2121f90c2d7c3d6a8ecc7165396d63db9416c03c284250 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•6 views

Malicious code in @multformats/multiaddr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3ff8f79934c43d48f410746d2fe1a9244365c8bac615e7552dcedbfae15b900 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•7 views

Malicious code in @live-backstage-im/communication-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad217e6f53767b755ad267a2052b4bc35add8ba6cdb6532dfec034c83e3d3426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•6 views

Malicious code in @partner-apps/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91a55f75e5401bc702943c887c3e72fb80f4a7f21bb34f65350fc54aeaf999d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•8 views

Malicious code in @services-lib/application-http-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f0c35f77748a968c410290c41c1525713b39103edc43ad32d326962c1c300d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•6 views

Malicious code in @reference-web/pmp-i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa9fa64959cdfca9cd71a151253756f0ce40111abc40bdbbfcdab7032796f84e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•7 views

Malicious code in @rmlibrary/formatting (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d9bc486836758abd131ff67787849b4a1b293a61e7b3bfad27fa27cbef6fd33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•8 views

Malicious code in @rakuten-rewards/messaging-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7fc8243854c9528882d45c044a4a7c7ce2ad94143a84f135b2b98cb536ce2f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•8 views

Malicious code in @rakuten-rewards/messaging-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5881076c822a732d6344ff3614bf7437722ca46d9d5f5dbdf3105586fa078dd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•7 views

Malicious code in @gallup/pc-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eca755b4cbe794ce9b1389cff974fb13df6325eeb2eb658ca64a7bb7ee734b8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•6 views

Malicious code in @lexisnexisrisk/insider-threat-platform (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dae189d0977c5458ccfe6ac903cf5014acf0e73277c22ad68edf683813066398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•7 views

Malicious code in @huobi-ui/activity-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2dc07679f0c801fbb465a2502687e29ed687871964c5d84c0dd5f2b7f94e8ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•8 views

Malicious code in @experian-shared/services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0b9781b2089d3aeafbedfe7c81af43904472553991bd7e50695ab301d4529eaa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•6 views

Malicious code in @gm-rvg/root-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 439c6ce041ad5226eefdab8b99045e573701e66838e908be4fa6d3b0ee6e8a7b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/29 4:50 p.m.•6 views

Malicious code in alpine-csp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 679e7fa416a25f031c58a44e95d6e43c4425113f18b990fa3f812a5b5a1a673c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Total number of security vulnerabilities226511