Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
3,510 total in gem · sorted newest first- Jun 25, 2024
Malicious code in batch-actions (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in batali_wedge (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in batali_tk (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in batali_infuse (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in basic_stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in barometer-weather-bug (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in barely-searchable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in bard_rake (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in banner-jobsub (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in bankgiro-inbetalningar (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in backstop_deploys (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in backbone_subroute-rails (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ba-upload (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aws_s3-deploy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aws_logs (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aws_elasticsearch (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aws_codedeploy-agent (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aws-upload (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aws-sns_subscription (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aws-cloud_search (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aws-blue_green_deploy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in awesome-print_carrier_wave_uploader (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in autoproj_stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in autoexec-bat (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in auto_deploy-test (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in auto-validate (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in auto-scaling_methods (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in auto-localize (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in auto-flick (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in auto-click (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in authenticator_client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in authenticated-client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in auth_transis-client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in auth-client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in audiobank_client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in audio-mixer-sox (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in attribute-normalizer-extras (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in attr-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in attr-searchable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in atlassian-plugin_installer (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in atlas-client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in atacama-client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in at_validations (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in at-least_one_existence_validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in astroboa_cli (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asterisk_ari-client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in association-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in assets_publisher-for-hanami (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in assets-pipeline (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in assets-offline (RubyGems)
1 compromised version
Page 61 of 71