Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
3,510 total in gem · sorted newest first- Jun 25, 2024
Malicious code in activeadmin_mongoid-localize (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activeadmin_logs (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activeadmin-searchable-select (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activeadmin-jfu_upload (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in activeadmin-globalize_inputs (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active_profiling (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active_model-email-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-validation (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-tools (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-support_alias_class_method (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-subset_validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-subset-validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-serializer (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-search (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-scaffold_config_list_vho (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-scaffold_batch_vho (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-rest_client (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-replicas (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-replica (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-redis_stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-record_stats (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-record_serialize_json (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-record_samplooper (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-record_lite (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-record_inline_schema (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-record_fix_integer_limit (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-pubsub (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-publisher (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-public_resources (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-press (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_version_serializers (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_validators_ex (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_validates_intersection_of (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_type_validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers_validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers_pg (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers_matchers (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers_cancancan (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers_binary (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers-matchers (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers-jsonapi_embedded_records_deserializer (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers-hash_wrapper (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializers-cancan (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_serializer_plus (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model_policy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model-policy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model-permalink (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model-password_reset (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model-password (RubyGems)
1 compromised version
Page 67 of 71