Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
3,510 total in gem · sorted newest first- Jun 25, 2024
Malicious code in active-model-better_errors (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-model-attributes_validation (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-merchant_mollie (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-merchant-mollie (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-link_to (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-hash-like (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-explorer (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-delivery (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-comparison_validator (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-application (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-admin_theme (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-admin_import (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-admin_globalize3_locale_selector (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-admin_filters_visibility (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-admin-duplicatable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in active-admin-advanced_create_another (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in actionview-link-to_block (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in actionview-link-to_blank (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in actionmailer-localized-preview (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in actionmailer-inline_css (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in actioncontroller-parameter-filter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in action-subscriber (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in action-pubsub (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in action-parameter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in action-meta_tags (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in action-mailer_cache_delivery (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in action-links (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in action-component (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in action-cable_subscription_adapter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in act-blue_reporter (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in act-as_time_as_boolean (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in act-as_serializable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in act-as_nameable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in act-as_importable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in act-as_enumerable (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acquia-toolbelt (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acpc-poker_types (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acpc-poker_player_proxy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acpc-poker_match_state (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acpc-poker_basic_proxy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acpc-poker-types (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acpc-poker-player_proxy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acpc-poker-match_state (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acpc-poker-basic_proxy (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acmesmith_verisign (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acmesmith_ns1 (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acmesmith_google-cloud-storage (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acmesmith_google-cloud-dns (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acmesmith_designate (RubyGems)
1 compromised version
- Jun 25, 2024
Malicious code in acme_smileage (RubyGems)
1 compromised version
Page 68 of 71