225920 matches found
Malicious code in tailwindcss-style-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b625db5a21e8ed06ca7ce3b8d75adeff20b4179dbebe797b13486039aa74d6ea The package tailwindcss-style-typography was found to contain malicious code. Source: ghsa-malware...
Malicious code in tailwind-typ (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b5e12d01d92bc7efe09d08aba44a4013705ac8993fbb742208b2a4904b7a31c The package tailwind-typ was found to contain malicious code. Source: ghsa-malware 43d9d60c72b77068d9d1e462d69ab2276baf8b651026670535ad3d567aaef837 A...
Malicious code in tailwind-stylecss-typography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f774188361889c2e95f246317a2fece3219b9d9952ff3645e4d108bc525c5 The package tailwind-stylecss-typography was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-refined (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc7bd5b01fccd5ef5cc96d9a4eecf5801c6b34a062718a2131d2b2abb7a93191 The package chai-as-refined was found to contain malicious code. Source: ghsa-malware 5a69e4e0dbfe130a3d5da8413eb7ad9a490dc1874ee69ef385156479b365da4...
Malicious code in ui-utils-udhay-alerts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed8bd73e0d75fbda0ce08b97273d9ed56f21e9bc0967b05541013a944c85f3c0 The package ui-utils-udhay-alerts was found to contain malicious code. Source: ghsa-malware...
Malicious code in node-unpnotifyserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3da4c961628a8745400bba3a3521ae4fda195c030215758fe40841c1c8946e The package node-unpnotifyserv was found to contain malicious code. Source: ghsa-malware...
Malicious code in apmfe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d72b347a4ab4d782a7ee9507b42169fa8da139566832f94309450c32a14b60 The package apmfe was found to contain malicious code. Source: ghsa-malware ed1e7a8b8dca6c9f7b5be8645baa51e525ec40266b2cf6e022052cecbd7c8741 Any...
Malicious code in chatbotloader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78643cb5d37687c0eac0935734bac95f23c01b64ded6bb2f2f090542324042ac The package chatbotloader was found to contain malicious code. Source: ghsa-malware 88ccdb3c34d69b2e53f62caa6b7e61f32e7868fa5893d6fd6d09662189d10b34...
Malicious code in okassistant (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec259ed5ca779ea9fce921bd547959b69220b3c9d07ed42c550ecfe2adcec217 The package okassistant was found to contain malicious code. Source: ghsa-malware 26810b15d962f827f687002cec240712d5f77f30a5eeef187362661c1dcff114 An...
Malicious code in okx-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f537a0896e3975393a32700cc7c402b5b84baade9d30694090e625ef37a8a09 The package okx-data was found to contain malicious code. Source: ghsa-malware 41edc2d01a36c24d285496e1d882419e277f6ac2ded1e21f9d6eb4fd13cada75 Any...
Malicious code in okx-nav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ab3eb270d52d290185b24d8da75ec720b1c6d2403eb5bfeee0127d98edff14f The package okx-nav was found to contain malicious code. Source: ghsa-malware 3961b5dc52e388cd7ea999f85a4541bfc0e083e63afad50184fea746d70d275d Any...
Malicious code in okxglobal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69c773213dce504325f6d7d1508b8b2c8f2586998ab8240577610d71643d496d The package okxglobal was found to contain malicious code. Source: ghsa-malware 6fbd6d2866029238fe53fa341215f4c413767014dc0e6bf5688addd872f109df Any...
Malicious code in okfe-serverless-conf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f74a72b0853bd9a530292e0f2f74d820ea396dd35650bb3537cf4b2d8705e0dc The package okfe-serverless-conf was found to contain malicious code. Source: ghsa-malware...
Malicious code in billing-paywidget (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a1d045f893bda154c8f1c451045b34000b97a678cef9952b2dc3ba2f1c83db2 The package billing-paywidget was found to contain malicious code. Source: ghsa-malware...
Malicious code in bytefrontier-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9d258ef52db5cbfc634713540fa5f4f797e50b65fa49d3271b9cd3cf34b20dc The package bytefrontier-core was found to contain malicious code. Source: ghsa-malware...
Malicious code in bytefrontier (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d678267bdb56055d10c84922de235b32990b683287a2d918f4664856e0b26ac8 The package bytefrontier was found to contain malicious code. Source: ghsa-malware 61a6f4a4eeaf1e191d0ddc26158901f74e1a4387951453d9cc21567ce3412e70 A...
Malicious code in ms-affiliate-links (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 341048b16926b4d40796ca96aef3816934a2b84602c26451638154b6d90ab5d8 The package ms-affiliate-links was found to contain malicious code. Source: ghsa-malware...
Malicious code in one-sdui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ae9d1e61120df70064f163b6e30ced15f3ec724fb27cbc92b9ac1b8d1cd4c02 The package one-sdui was found to contain malicious code. Source: ghsa-malware 3e8ccc46dbdf8114e190c849d6db29184468de377c64467c88e3e33398d54018 Any...
Malicious code in onewin-landing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38fa6b80b5e487a83f8ed1eccfcc9d4bbb5d460deb678e1106aea26439c11f24 The package onewin-landing was found to contain malicious code. Source: ghsa-malware af836df2faf0017725ed9fdbcd5457bfca0045b6a8d9cbad8e1ca949f4f06938...
Malicious code in use-feature-flags-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b176246976f266320b17cb9aa3a4fdddb6970d6f115637cb5cb2224c2db75c7e The package use-feature-flags-plugin was found to contain malicious code. Source: ghsa-malware...
Malicious code in vip-landing (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1a30b342d6480583e23a375439f7332f03167d039b9b5471fa038d2374438fc The package vip-landing was found to contain malicious code. Source: ghsa-malware 63f1dbbecde9c755138a598580ab543e38ddcd44460ce05ec9532e8475bfc2a2 An...
Malicious code in one-translations (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8509aaa4a1769ce406c0bf7883ec6930bbd4aedbbeeb82df3ae719ab279ff238 The package one-translations was found to contain malicious code. Source: ghsa-malware 6d3a1486ad2ba464c9c1c678dfbab6c735eccaf31f2a1d3cba6e3f28a3fad5...
Malicious code in tailwind-lines-clamp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d3d215fb943fe734ea49a73d1d0f503c465c829b5f5b5327ca3d83eaa0e377a The package tailwind-lines-clamp was found to contain malicious code. Source: ghsa-malware...
Malicious code in percy-cake-docker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf9ba1c1f0935698da1dc2d1856efe1994c5b21139eec04f6eca712e85925f2 The package percy-cake-docker was found to contain malicious code. Source: ghsa-malware...
Malicious code in path-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5393cf6d8cf49c2550e7cc90ff3de58b1e97bdc89183f63beae60b3e46b9d2e0 The package presents itself as a copy of the Node.js core path module name path-internal, README: "exact copy of the NodeJS 'path' module" and ships...
Malicious code in gate-apis (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 720c6a00b12826104b04d6b90dc651d5c669532946a36d8c36e3dff5fd5edb6d Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in buffer-util-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374d8c5c4c32544741d1ea3788cfbccc3ee175f7181f8bdfa71cf4fde44121eb On require/import, index.js decodes a base64 string literal to https://www.jsonkeeper.com/b/CWOV9, fetches that anonymous JSON paste, and passes the...
Malicious code in path-extend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 429c0dbb9c8395a6c87ffcf5e6ebe03c6cf6568b4bf205afa933b7d6a49aa578 On require, path.js runs an IIFE that calls a loader which fetches a base64-hidden URL https://www.jsonkeeper.com/b/XTTBX from jsonkeeper.com — an...
Malicious code in centralogger (npm)
dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...
Malicious code in dom-utils-lite (npm)
dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...
Malicious code in stacks-editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15f50509d5d9110a7233db4ed683100cc33c07a09055d93d32ed8f057a34ae3f The package stacks-editor was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in svchost (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a56926028e7e253a1ffb3ba27d6514a5cbc6b23964d7e1094846a895dd322656 Code exfiltrates sensitive crypto wallet's files and sets up a keylogger trying to catch the password to the wallet --- Category: MALICIOUS - The campaign has...
Malicious code in pckg-sv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2ae45d504dadccaa437ebeaa729136ca7b38074149772b076c7abb34ab1e81f4 Code exfiltrates sensitive crypto wallet's files and sets up a keylogger trying to catch the password to the wallet --- Category: MALICIOUS - The campaign has...
Malicious code in getcardslib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88c984b34b3bacb405ca57d999a20be2a2c4c1b3ad75fa7e60f8d6e814b30ab5 The package getcardslib was found to contain malicious code. Source: ghsa-malware ce7e3143ce06f31e15162fef48924c625caddc3e6cc75c9640b053c38ad2665c An...
Malicious code in magentaa11y (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 995b52a2411e3213a611e58f659a941136e8021a88e1d638a232018265d5c11a The package magentaa11y was found to contain malicious code. Source: ghsa-malware 1c1c14e542b99ac8e01a06fd61158c90ffe14fbedbf4834d97f38d65d477ebb5 An...
Malicious code in robase-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e1076baa8ca4cabd7ae4b1caafa04658a6f7a1c80f52d25de958412ec5d11661 The package is part of a malicious campaign, but was removed before the malicious code got embedded inside. --- Category: MALICIOUS - The campaign has clearly...
Malicious code in asciitoart (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d91767b12efcd1ad71b86b8d6770f33ddd3f1bfdec795dc04fd1d743a63a4591 Through an obscure way, one of the package files got overwritten by a remote obfuscated code, which appears to be an infostealer. After executing the malicious...
Malicious code in hive-setting (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 94c174f9e83b72e5aaafbb1587d41384786cd29b4e9b69d097117d8c7b403771 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...
Malicious code in walmart-internal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4cb99836d95f651dcdf50a02819e299598fbb9e62a702601ce6fa89c3ed6ec0 The package walmart-internal was found to contain malicious code. Source: ghsa-malware 88f5dbf5cfe998f7ad3015cadd6b280accbeb5aadf15cdc7575f4f83a6f572...
Malicious code in @ids-alpha/theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69b423c1268bb757d8dbdb3ed3f18f694342108deb76ca68405c72c2d9ca0775 The package @ids-alpha/theme was found to contain malicious code. Source: ghsa-malware a13c5be1a3936c956e02fd943b70f241a2dd8ced305b3e54165d16faae329b...
Malicious code in @spoonflower/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29845a092ba3a019d35adbb88e7fb15512c600cb11fceab06cb845fca75dbd2 The package @spoonflower/ui was found to contain malicious code. Source: ghsa-malware 68f97ac64dba33bf11aa1a9ae810a78f7fb21470e2ccce80e8975cc56d012a7...
Malicious code in @hrb-web/nuxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a79331843c585d4b6aa2d8f3256bd25c779d32339f82b689841407d6cf4b6f67 The package @hrb-web/nuxt was found to contain malicious code. Source: ghsa-malware e1fadac986a7b5658d8d9eb34082aba1718b1258ce2bda956c044c474c2a298c...
Malicious code in @kucoin-gbiz-next/tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74b28e2536b0d59d01e913269776e3bd933f0bce2477136d28b923d2b5222d54 The package @kucoin-gbiz-next/tools was found to contain malicious code. Source: ghsa-malware...
Malicious code in @mx-shared/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80722921f3ba7863b8f28031aa4edf777ce8e270fab10bcead75016a286cb125 The package @mx-shared/utils was found to contain malicious code. Source: ghsa-malware 30ead10eaa18cee42152061c23ee9a84c465e687911f78dd1ae0c613f1c2b1...
Malicious code in @relxui/react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b91a4fd21ef12fb1580ab9240c8b51f39c0ba26d19b683ebcac2d86ed7936e78 The package @relxui/react was found to contain malicious code. Source: ghsa-malware 1a95206a60abfe74a108e76e52361543b36e7d78ff34a1273b5cf4c1bb183d1f...
Malicious code in @sage-active/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b00241523d12b3a7ef46eb21d2e480e96702d56bd067ace6e34262cedf6747f The package @sage-active/ui was found to contain malicious code. Source: ghsa-malware 87a70bf25b705a32cb00ec306c3a4634f7b7194979aabe11a126cc59a26ffb2...
Malicious code in @zgny/onboarding-consumer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 684a60d5d9d4b9ac47a7796608812b7cb223c1567b4ff70aa057e57b6101f590 The package @zgny/onboarding-consumer was found to contain malicious code. Source: ghsa-malware...
Malicious code in @spreadjs/js-calc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7909a65c6a2c928f12a2333a6e1c53c7dea90685fe7b2be35f120654a6f86d7 The package @spreadjs/js-calc was found to contain malicious code. Source: ghsa-malware...
Malicious code in @sports-api/api-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6445b51deb95e237826188e8e4897f9c43cf8d9232f7d479b59922066a5ad3c The package @sports-api/api-sdk was found to contain malicious code. Source: ghsa-malware...
Malicious code in @pes-ui/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c86f728ffc679c2767dd34f810c998e9e7fa49098d757ee8a3ba6b050f1754f The package @pes-ui/components was found to contain malicious code. Source: ghsa-malware...