Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
3,510 total in gem · sorted newest first- Jun 25, 2024
Malicious code in assets-live_compile (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asset-uploader (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asset-symlink (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asset-pipeline_i18n (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asset-pipeline (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asset-link (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asset-host_client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in assemblyline_ruby (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in assemblyline_formatter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in assemblyline_cli (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in assembly_client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in assembla-cli (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aspose-slides_cloud (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asciidoctor_pdf-linewrap-ja (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asciidoctor_bibliography (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ascii-press (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in asana_cli (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in artoo_crazyflie (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in artisan_plugin (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in array_subindex (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in array-xml-serialization (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in arproxy-plugin-mysql-casual_log (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in argentinian_validations (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in arethusa_client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in arethusa_cli (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in arethusa-plugin_generator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in arel-search (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in area-code_validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ardm_validations (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ardm_sqlite-adapter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ardm_serializer (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in arctica_autorization-rails-plugin (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in archivist_client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in archive-uploader (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in archive-lister (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in arb-spider (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in arabic-normalizer (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ar_serialize-helpers (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ar_octopus-replication-tracking (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ar_find-in-batches-with-order (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ar-publish_control (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ar-lightning (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ar-json_serialize (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in ar-database_duplicator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aptly-cli (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in aptible_cli (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in apress_validators (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in apress_moysklad (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in apress_documentation (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in apress_changelogger (RubyGems)
1 compromised version
Page 62 of 71