Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
3,510 total in gem · sorted newest first- Jun 25, 2024
Malicious code in fluent_plugin-dogstatsd-mediba (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-dogstatsd (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-datadog-statsd (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-cloudwatch-logs-foxtrot9 (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-cloudwatch-logs (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-airbrake-python (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent_plugin-airbrake-logger (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent-plugin-haproxy-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fluent-plugin-container-logs_filter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in first-giving_api (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in first-gem_rakesh (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in fig-rake (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in execute-with_rescue_with_airbrake (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in et_azure_insights (RubyGems)
4 compromised versions
- Jun 25, 2024
Malicious code in enpit-weather (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in endosome (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in emque_stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in em_synchrony-dataone-vin (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in em_statsd-ruby (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in em_statsd (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ellen_weather (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in education-stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in edmunds-vin (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ebay_ysr (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ebay-trading (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ebay-enterprise_affiliate_network (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ebay-client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dt_rake (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in drupal-fu (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dragonfly_cloudinary-datastore (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dragonfly_cloudinary (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dragonfly_activerecord (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dradis_ntospider (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dradis_nmap (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dradis_brakeman (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dot-rake_tasks_in_rails (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in doge_chef-formatter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in doge-woof (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in doge-linguist (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in doge-helper (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dogapi_demo (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in dog-biscuits (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in divining-rod (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in devino-sms (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in deriving-license (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in delayed_plugins-airbrake (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in datadog_notifications (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in datadog_cli (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in datadog-proxy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in datadog-apm (RubyGems)
1 compromised version
Page 58 of 71