Ossf - Page 93 of Ossf Vulnerabilities List

--- -= Per source details. Do not edit below this line.=- Source: kam193 606ce541a3ef4a98e4e1639e96c6431e7ec83be6f987c640a63c03991eae4f6e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...

5.9AI score

Exploits0References3

OSSF Malicious Packages•added 2026/03/18 6:20 a.m.•6 views

Malicious code in aniresolve (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c29943544c9e6ba7e0a3075c393fa1fa89673c99b73634c0263ef164e52ac306 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/03/18 5:45 a.m.•3 views

Malicious code in bugbounty-test-123 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c22630300fe50578818f50f4a068d400f9e434dc0341fff5a6cd0ca63e82d5e1 The package bugbounty-test-123 was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2026/03/17 11:11 p.m.•6 views

Malicious code in anistream (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...

6AI score

Exploits0References2

OSSF Malicious Packages•added 2026/03/17 4:16 p.m.•4 views

Malicious code in telegramdatas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 742799f83f7140514aa9a55c3f3efb5142ab1eaef68317a40e23a8f261e22b71 During import, an infostealer embedded as package resource is started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

5.9AI score

Exploits0References3

OSSF Malicious Packages•added 2026/03/17 9:6 a.m.•3 views

Malicious code in robloxapi-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff27677fd14eddf36fd58fee0bb539ef89fd596e83450c68f8dc0436350abfd6 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

6.1AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/17 6:44 a.m.•3 views

Malicious code in robloxapi-testy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

6.1AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/17 6:25 a.m.•5 views

Malicious code in whatfix-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 003442c235ba313d832b958d8170e59f28d9af34abdd1f33a832c6c2cd263696 The package whatfix-icons was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2026/03/17 6:15 a.m.•3 views

Malicious code in navi-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d7c20b1a93d0713a7cd64e5937906dc8db43fe90795827cedac30fc64031c68 The package navi-design-system was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2026/03/17 4:46 a.m.•7 views

Malicious code in pino-logger-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5c908d1d5a0d2a6a517ef1aa6e7ab5b7ddc8644dc39730c2629f0226a69121a The package pino-logger-utils was found to contain malicious code. Source: ghsa-malware...

5.7AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/17 3:9 a.m.•6 views

Malicious code in strapi-plugin-workspace-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 360f06861421eccfdc69a5f18ecfe67b3785cb24bb1b0d1e6dd3f5d65df20f20 The package strapi-plugin-workspace-plugin was found to contain malicious code. Source: ghsa-malware...

5.7AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/17 3:9 a.m.•7 views

Malicious code in ember-power-calendar-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55191162c66f85fd90f4c2bb6354b569a7ab7cdc6a380289defcc8be784ed434 The package ember-power-calendar-utils was found to contain malicious code. Source: ghsa-malware...

5.7AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/17 3:9 a.m.•6 views

Malicious code in asset-delivery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff566136dd4e76e6bc8da12a23345712a57b375d3d0586ee36922cc0ffbbf880 The package asset-delivery was found to contain malicious code. Source: ghsa-malware ce9daf86327543018f44899bd8967bf2b927d6f1d9267b6726281b5ea0765868...

5.7AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/17 2:54 a.m.•7 views

Malicious code in graphlib-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fc5e5e2ae1439a28be92e99758c3253bf2bd09a568712a5d0725553b4836eaf The package graphlib-js was found to contain malicious code. Source: ghsa-malware 375768659fc55b18acf652226fabd9052c10c4f88d36f150317532bc8661df13 An...

5.7AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/16 8:46 p.m.•6 views

Malicious code in revolut-merchant-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be3c58d0da88dbc307fda899df07f7e6badfcba4ccb5f98ce68e1daef3caa8c7 The package revolut-merchant-widget was found to contain malicious code. Source: ghsa-malware...

5.7AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/16 8:9 p.m.•5 views

Malicious code in chacha-lite-encrypt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 705b86da323a21b157504bf4833b60c8aa90a57d6db5111716afe31c114b6c1d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/03/16 6:4 p.m.•6 views

Malicious code in pretty-tabulate (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 807e99c43a51fb7620cee47a356774c3ead94e75c4bc48621a942c835107b2eb Malicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in likely a third malicious package...

5.9AI score

Exploits0References1

OSSF Malicious Packages•added 2026/03/16 6:3 p.m.•5 views

Malicious code in color-list (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 86ffbba2d1825f76d4c2baa6a8b7ecbe85514239934a3d7903745d17d4baf704 Malicious code hidden in the color-list package uses the presence of pretty-tabulate as a trigger to load code hidden in likely a third malicious package...

5.9AI score

Exploits0References1

Total number of security vulnerabilities225893