Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
3,510 total in gem · sorted newest first- Jun 25, 2024
Malicious code in ad-search (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_subscribable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_splittable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_read_only_i18n_localised (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_publishable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_publicable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_multilingual (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_localized (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_list_with_sti_support (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_liked (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_likeable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_keywordable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_journalized (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_fuzzy_search (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_explorable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_crafter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_commentable_with_replies (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acts-as_better_tree (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_publishable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_postgresql-expression (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_locking-symbolic (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_like (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_jdbcsplice-adapter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_implicit-order (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_duplicate (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_denormalize (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_db-tools (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord_databasevalidations (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-suppress-range_error (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-strict_validations (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-serialize-coders (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-safe-initialize (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-rescue-from_duplicate (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-pluck-in_batches (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-msgpack-serializer (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-json_validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-globalize (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-forbid-implicit_connection_checkout (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activerecord-database-validations (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemodel_validators (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemodel-url-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemodel-ipaddr-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemodel-immutable-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemodel-email-address_validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemodel-can-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemodel-behavior-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemodel-base64-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemerchant_payline (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemerchant_clickandbuy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activemerchant-banklink (RubyGems)
1 compromised version
Page 66 of 71