Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,011 total in npm · sorted newest first- May 16, 2022
Malicious code in bolt-styles (npm)
- May 16, 2022
Malicious code in assets-common (npm)
- May 16, 2022
Malware in cap-common-pages
1 compromised version
- May 16, 2022
Malware in bolt-styles
1 compromised version
- May 16, 2022
Malware in coldstone-sls
1 compromised version
- May 16, 2022
Malware in lexical-website-new
1 compromised version
- May 16, 2022
Malware in coldstone-helpers
1 compromised version
- May 16, 2022
Malware in cap-products
1 compromised version
- May 16, 2022
Malware in assets-common
1 compromised version
- May 16, 2022
Malicious code in lbc-git (npm)
- May 16, 2022
Malware in lbc-git
1 compromised version
- May 16, 2022
Malicious code in rainbow-bridge-testing (npm)
- May 16, 2022
Malicious code in api-extractor-test-01 (npm)
- May 16, 2022
Malware in api-extractor-test-01
1 compromised version
- May 16, 2022
Malware in rainbow-bridge-testing
1 compromised version
- May 16, 2022
Malicious code in @epc-infra/app-lookup-stack (npm)
- May 16, 2022
Malware in @epc-infra/app-lookup-stack
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/utils (npm)
- May 16, 2022
Malware in @epc-libraries/utils
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/kinesis-service (npm)
- May 16, 2022
Malware in @epc-libraries/kinesis-service
1 compromised version
- May 16, 2022
Malicious code in clinstestpackage (npm)
- May 16, 2022
Malware in clinstestpackage
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/driver-outage-db (npm)
- May 16, 2022
Malicious code in @epc-infra/aurora-stack (npm)
- May 16, 2022
Malware in @epc-libraries/driver-outage-db
1 compromised version
- May 16, 2022
Malware in @epc-infra/aurora-stack
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/data-api-versions (npm)
- May 16, 2022
Malware in @epc-libraries/data-api-versions
1 compromised version
- May 16, 2022
Malicious code in @epc-apps/api-management-plan (npm)
- May 16, 2022
Malware in @epc-apps/api-management-plan
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/cdk-custom-resources (npm)
- May 16, 2022
Malicious code in @epc-infra/stack-config (npm)
- May 16, 2022
Malicious code in @epc-infra/region-only-policy (npm)
- May 16, 2022
Malicious code in @epc-infra/dynamo-stack (npm)
- May 16, 2022
Malicious code in @epc-infra/dns-stack (npm)
- May 16, 2022
Malware in @epc-infra/dns-stack
1 compromised version
- May 16, 2022
Malware in @epc-libraries/cdk-custom-resources
1 compromised version
- May 16, 2022
Malware in @epc-infra/region-only-policy
1 compromised version
- May 16, 2022
Malware in @epc-infra/dynamo-stack
1 compromised version
- May 16, 2022
Malware in @epc-infra/stack-config
1 compromised version
- May 16, 2022
Malicious code in @epc-infra/clinstestpackage (npm)
- May 16, 2022
Malicious code in @epc-apps/api-generic-plan (npm)
- May 16, 2022
Malware in @epc-infra/clinstestpackage
1 compromised version
- May 16, 2022
Malware in @epc-apps/api-generic-plan
1 compromised version
- May 16, 2022
Malicious code in @epc-infra/users-stack (npm)
- May 16, 2022
Malicious code in @epc-apps/api-outages (npm)
- May 16, 2022
Malware in @epc-infra/users-stack
1 compromised version
- May 16, 2022
Malware in @epc-apps/api-outages
1 compromised version
- May 16, 2022
Malicious code in @epc-apps/api-ingestor (npm)
Page 4799 of 4,801