Malicious packages

Malware feed

Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).

Recent advisories

969 total in gem · sorted newest first

MAL-2024-6266Malwaregem1-as_identity_function
Jun 25, 2024
Malicious code in 1-as_identity_function (RubyGems)
1 compromised version
MAL-2024-6265Malwaregem1-as-identity_function
Jun 25, 2024
Malicious code in 1-as-identity_function (RubyGems)
1 compromised version
MAL-2024-1341Malwaregemdependency_confusion123
May 8, 2024
Malicious code in dependency_confusion123 (RubyGems)
1 compromised version
MAL-2023-8322Malwaregeminvesting_parameters
Oct 10, 2023
Malicious code in investing_parameters (RubyGems)
1 compromised version
MAL-2023-1436Malwaregempuppet-module-posix-system-r3.2
Aug 10, 2023
Malicious code in puppet-module-posix-system-r3.2 (RubyGems)
1 compromised version
MAL-2023-1433Malwaregempuppet-module-posix-system-r
Aug 9, 2023
Malicious code in puppet-module-posix-system-r (RubyGems)
1 compromised version
MAL-2023-1426Malwaregemgoogle-apis-androidpublisher_v2
Jul 19, 2023
Malicious code in google-apis-androidpublisher_v2 (RubyGems)
1 compromised version
MAL-2023-1434Malwaregemsystemd-daemon
Jul 17, 2023
Malicious code in systemd-daemon (RubyGems)
1 compromised version
MAL-2023-1430Malwaregemnaveen4gem
Jul 16, 2023
Malicious code in naveen4gem (RubyGems)
1 compromised version
MAL-2023-1431Malwaregemnaveengem
Jul 15, 2023
Malicious code in naveengem (RubyGems)
1 compromised version
MAL-2023-1425Malwaregemgitlab-glfm-markdown
Jul 2, 2023
Malicious code in gitlab-glfm-markdown (RubyGems)
1 compromised version
MAL-2023-1423Malwaregematt-codekit
Jun 19, 2023
Malicious code in att-codekit (RubyGems)
1 compromised version
MAL-2023-1432Malwaregemptrsec_rce
Jun 17, 2023
Malicious code in ptrsec_rce (RubyGems)
1 compromised version
MAL-2023-1427Malwaregemi18n_sonder
May 15, 2023
Malicious code in i18n_sonder (RubyGems)
1 compromised version
MAL-2023-1428Malwaregemmandrill-api-ruby
May 9, 2023
Malicious code in mandrill-api-ruby (RubyGems)
1 compromised version
MAL-2023-1429Malwaregemmodified_bayes
May 4, 2023
Malicious code in modified_bayes (RubyGems)
2 compromised versions
MAL-2023-11Malwaregemmicrosoft_kiota_http
May 4, 2023
Malicious code in microsoft_kiota_http (RubyGems)
1 compromised version
MAL-2023-12Malwaregemtzinfo-i18n
Apr 26, 2023
Malicious code in tzinfo-i18n (RubyGems)
1 compromised version
MAL-2023-1424Malwaregemfluent-plugin-enhance-k8s-metadata
Apr 25, 2023
Malicious code in fluent-plugin-enhance-k8s-metadata (RubyGems)
1 compromised version

Page 20 of 20