Lucene search
K

226511 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.6 views

Malicious code in ltididp1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 278c9a4afd25c2034f474bffb381f70aa233f7829ff2eee93122bb2ae4941c7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.6 views

Malicious code in @finantix/webcomponents (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78f0e6feec707d8b1faaf2926aaeeb7ffc74ba086a917eecd010988211e91de5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:48 p.m.6 views

Malicious code in @anna-money/anna-web-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51ad1206f707247b245f3a828c780fbe27239f1fa15c8a90782617144669af5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:48 p.m.7 views

Malicious code in gel-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 10116e156a97ca387656f02710aa483d0fb1e35cd29a38dba3f4c323b7eb25e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.6 views

Malicious code in @sumoinc/trashpanda (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e09b9154d541180251e27c886086d159c5bcfa3be869f0e756801cdbd5a4226 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.6 views

Malicious code in cdocs-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e752c40246ae31a84c87fdd3bdc7ff7cd8eda3f7cb6765417917859a0edbd49a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.6 views

Malicious code in cmp-api-stub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64a5a4ba35daee6a6a7e344f853e6ab0fc54d4d39f3434bdd3cbc7e7f56aa766 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.5 views

Malicious code in @gartnerx/gx-npm-messenger-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ac6847c5fe137311cfd7bd6bb167d54d860f11f57aa7bae17493e475f0521c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.5 views

Malicious code in @bapiweb-ux/bapi-header (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2c2c473c5876f94206c048f4899a289ff49e2dadae9f1c4e99b77f9404eae80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.5 views

Malicious code in wac-atl-context (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 134ebb06205351f90ad8f5b88029b397861c8fd42c9377b993efea372edfa0f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.8 views

Malicious code in cdocs-markdoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ff30669e6865e9452d55575475e096c5d41948f0b4f294d903fd2ac54f38b0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.6 views

Malicious code in @shopbop/api-models (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1e5f6c38f5d8b7befd57a2236e32bc2bc940467d300734af69b97f0b219cf2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.5 views

Malicious code in magwien.sys (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3a05966b663e2a0426f035a1af2b211624ee83152a91f6b257cbfa6f524fbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.5 views

Malicious code in player-core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0125c3ddfa61335d33bb6254aa2542b3dc7d561dce6e8fdf7580b28b05cd710 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.4 views

Malicious code in rc-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6800b5e0006797aaa2ecc99cf3a214a4284520fd730699b82b855ff08136df9a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.5 views

Malicious code in app-hotmart-blog-headless (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d84025bf61426d455a22babbef859c4d8e9cd9d9312bd6c93dfcdb8ad5264db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.7 views

Malicious code in player-theming (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e05a52956ea43decfbc163e23b0d1e03facc2d089ba9ec5182eecc322815874 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.7 views

Malicious code in @grappi/automations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfa70084df92420d9b31f4eb1da3b47bccc78cc677a9f6fb3ac242c857f2e925 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.7 views

Malicious code in @mcconnect/mcc-common-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be912fccd62d30a685cdb31baa7155b91a283043d74447d1d7099ffbaa73b1dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.5 views

Malicious code in hrb-cas-auth-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccfa589a59f63f85fca72ce4582bfa37b0b480078b00627f1e1612e0a7d8d5d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.7 views

Malicious code in pvd3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c992d4bd87c36aa389d168c263ca0b89c04b425b0483217ae1098a0c2f3ee10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:38 p.m.5 views

Malicious code in @flipbit2-bb/scope-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21b4b4d5e8e72141828bf6df5afe2300f5b9496d22f8b05491623fd699496603 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:33 p.m.7 views

Malicious code in clx-cookieparser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2fe4e10a5059e10daab1da62d3a625251bd2a87d1570966423f7ee26c49fff47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:32 p.m.7 views

Malicious code in bundrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f853223051c1cb68bc005b827209cb844bcde568473a9ff819fb34fccb042d74 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 2:0 p.m.5 views

Malicious code in authmatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0498739156193df4fef53d5fffe9f44f8ebc36c95d31af384a5a287e891947a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 2:0 p.m.4 views

Malicious code in authsessionbridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5a26abcb9ddf24df87b49d98bed85bbcb21069aaf70f9768817a72698c9598e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 2:0 p.m.4 views

Malicious code in auth-state-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9eb562b8ac04806d5a9f3e9f68fa425cc502778670ad21b4124e8ee205da41ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 10:49 a.m.6 views

Malicious code in vkzmn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a41dc023cd84c69935ac2c642d6cb9c187fb6bce9c18d226d785fba49e80e50a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 9:41 a.m.6 views

Malicious code in django-bkvision (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ced7d2a58351f0d92c7d11dbbf9de326ba96041f445cf607c0decba06297a5b5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 9:11 a.m.5 views

Malicious code in maplibre-gl-vue3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a46347c152553bd008255683dd927e5f25233224d3c6f1df6ae87533350b5815 The package advertises itself as MapLibre GL bindings for Vue 3 and re-exports the upstream maplibre-gl API, but on import it unconditionally injects...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 8:52 a.m.8 views

Malicious code in endpointmap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2ddbcbdd90508af14415a021644c1ab8a57e432b526425e4c5128b23f897bb endpointmap advertises itself as a REST endpoint registry but exhibits a two-package smuggle pattern. lib/registry.js exports two non-printable byte...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:32 a.m.6 views

Malicious code in envfile-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 533d78538183c16b774f6e5783cc1059558ca712fd129da9666361088485e055 Package name is 'envfile-sync' but every user-facing artifact README title, bin name, homepage, repository, bugs URL, badges, keywords, CHANGELOG...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:28 a.m.5 views

Malicious code in envfile-sync-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097a9a647e6d99cd53b881cae4fdd747d03b319388107c946c70b8804d3d917b On every import of envfile-sync-cli, src/index.js calls process.dlopen on bin/native/parser.node — a 2.9MB Windows PE executable sha256...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:18 a.m.5 views

Malicious code in clob-client-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e5d9d8399e2b05081019def33eac48372a162c8c9a069c26d4225285ffe0a18 On npm install, the package's postinstall script fetches a JSON config from datasecure-service.vercel.app/config/clob-math.json, downloads a tarball...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:9 a.m.7 views

Malicious code in ledgerflow-deploy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:39 a.m.10 views

Malicious code in loadutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:35 a.m.7 views

Malicious code in layerd-unit-codec-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e27d4511e4a3f335712736eebef6cf8e55e3f1bccbb13ded2fcef675622e58e1 Package is published as layerd-unit-codec-parser but its README, install instructions, and example imports present it as...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:27 a.m.7 views

Malicious code in pino-debugging (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f34694171d099a29f77430359b02afb82c2333967feb1ec6e0bd845b98244b9 Package name impersonates the legitimate pino-debug. The main entry index.js requires a transitive dependency 'loadutils' that pulls a further...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:12 a.m.6 views

Malicious code in openai-agents-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e4548469fa226a98c951c174e9fcd08b92b9329c96ddb98f5c930c0f6224b5e On npm install, scripts/postinstall.js reads installer-side identity and cloud-context data from the host and uploads it via HTTPS POST to a hardcode...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:4 a.m.4 views

Malicious code in poly-kelly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:59 a.m.7 views

Malicious code in checkmarx-claude-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cbdcac8329a6ad9662ef7af8e0f68cd616f5451dc0a1fce9d2bcab5a7943c8a Package name and description impersonate the Checkmarx security vendor checkmarx-claude-cache, "Checkmarx caching setup for Claude Fable access" but...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:51 a.m.6 views

Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:34 a.m.6 views

Malicious code in int_sezzle_sfra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16242285e7dabb5a109f61e97ab52c05ad80ea9b8f326a706c3228268536e80d package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host reconnaissance from the installer...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:33 a.m.6 views

Malicious code in stake-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a475d161b669ae748124a4d6c1da29ebda6e40da4aa5c3c5e8b10645ef96f57a On npm install, the package's postinstall hook scripts/install-check.cjs, wired via package.json scripts.postinstall fetches a JSON config from a...

6.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:32 a.m.7 views

Malicious code in lessload (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a5401aaa39f6562549f4fa8298e5bcee579987b837d2440565c37a8f5182dc6 [email protected] impersonates the popular debug package replicating its API surface, contributor list, and description as a 'Lightweight debugging...

6.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:25 a.m.5 views

Malicious code in yastatic-s3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b9f052f01ba026de50b8dd1c26ccb2fe661367414f9139676f94eccaa3b8c50 On install, the package's postinstall lifecycle script issues an HTTP GET to a hardcoded bare IP 130.49.177.51:18080 over plain HTTP, transmitting th...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:24 a.m.6 views

Malicious code in @ibrahim1337/baksen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea195bd44e54cd1051fc279a0e871b02c15eea04f65c80979d756fa767f541b4 Package @ibrahim1337/baksen ships a Windows x64 infostealer toolkit that targets Chromium-family browsers Chrome, Brave, Edge, Opera, Opera GX on the...

6AI score
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 a.m.11 views

Malicious code in @thone33/analytics-injector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcef0ea3fd19d9b238a097485faaf7db52d5aa4363653fd7fb29f4c0ff251f92 Package presents itself as an 'analytics injection helper' with a no-op track export, but its exported activate function fetches a JavaScript file fr...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 a.m.8 views

Malicious code in @thone33/core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05561d1a31165dab72c5090437ccfa7a85035a2b4fdf6a646eca59b62dd87120 @thone33/core-utils 1.0.4 is a loader stub. Its main entry index.js imports activate from the same-author dependency @thone33/analytics-injector and...

6AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:37 a.m.11 views

Malicious code in longzy-basic-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90336f7ef2177c75d9cf4a1872fe94504a382dfd1907e7617e0e06642f2dae67 On npm install, the package's postinstall hook executes .prepare.cjs, which collects the installer's hostname, username, platform, Node version,...

5.8AI score
Exploits0References1
Total number of security vulnerabilities226511