Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
3,510 total in gem · sorted newest first- Jun 25, 2024
Malicious code in lang-cards (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in kwai-gitlab (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in kevins-propietary_brain (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in kevin-thompson (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in jmcnevin-rghost-barcode (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in jenkins-statsd (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in jekyll-rp-logs (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in jaconda-telegram (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in irs_data (RubyGems)
7 compromised versions
- Jun 25, 2024
Malicious code in indonesian-province (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in http-statsd (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in hide-asset_logs (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in hfc (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in hello-kelvinst (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in has-logs (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in has-changelogs (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in halo-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in hack-cards (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in gitstats_ruby (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in gitstats_rb (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in github_release-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in github_org-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in git-team_stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in gimme-vins (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in get-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in generate-object-property (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in gemnasium-gitlab-service (RubyGems)
16 compromised versions
- Jun 25, 2024
Malicious code in gamer-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in game-shuffle_cards (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in galvinhsiu-active-cart (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fossa-curl-test (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fortnite-api (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in forgiving-nil (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in foot-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font_stack (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font_roboto-rails (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font_league (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font_fabulous (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font_awesome-sassc (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font_awesome-sass-mixins (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font_awesome-sass-c (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font_awesome-sass (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in font-assets (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-statsite (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-statsd-output (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-statsd-event (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-statsd (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-stats-notifier (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-logsene (RubyGems)
1 compromised version
Page 57 of 71