Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,064 total in npm · sorted newest first- Jun 11, 2026
Malicious code in ozonex-sdk (npm)
5 compromised versions
- Jun 11, 2026
Malware in ozonex-sdk
1 compromised version
- Jun 11, 2026
Malicious code in sn-internal-test (npm)
2 compromised versions
- Jun 11, 2026
Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)
1 compromised version
- Jun 11, 2026
Malicious code in theta-sdk (npm)
13 compromised versions
- Jun 11, 2026
Malicious code in ozone-sdk (npm)
- Jun 11, 2026
Malware in theta-sdk
1 compromised version
- Jun 11, 2026
Malware in ozone-sdk
1 compromised version
- Jun 11, 2026
Malicious code in @tt-aem-tt4a/shared-components (npm)
1 compromised version
- Jun 11, 2026
Malware in sensivity
1 compromised version
- Jun 11, 2026
Malicious code in swagger-express-routes (npm)
1 compromised version
- Jun 11, 2026
Malicious code in routing-controls (npm)
1 compromised version
- Jun 11, 2026
Malware in routing-controls
1 compromised version
- Jun 11, 2026
Malware in swagger-express-routes
1 compromised version
- Jun 11, 2026
Malicious code in tw-fluid-type (npm)
1 compromised version
- Jun 11, 2026
Malicious code in tailwindcss-animotion (npm)
1 compromised version
- Jun 11, 2026
Malicious code in react-photo-views (npm)
1 compromised version
- Jun 11, 2026
Malware in react-photo-views
1 compromised version
- Jun 11, 2026
Malware in tailwindcss-animotion
1 compromised version
- Jun 11, 2026
Malware in tw-fluid-type
1 compromised version
- Jun 11, 2026
Malicious code in typeorm-encrypt (npm)
2 compromised versions
- Jun 11, 2026
Malicious code in tailwindcss-merge (npm)
3 compromised versions
- Jun 11, 2026
Malicious code in tailwindcss-animatics (npm)
- Jun 11, 2026
Malicious code in tailwindcss-animates-kit (npm)
- Jun 11, 2026
Malicious code in sass-formats (npm)
3 compromised versions
- Jun 11, 2026
Malicious code in sass-format (npm)
1 compromised version
- Jun 11, 2026
Malicious code in rate-limits-flexible (npm)
1 compromised version
- Jun 11, 2026
Malicious code in rate-limit-flexible (npm)
- Jun 11, 2026
Malicious code in clsx-tailwind (npm)
1 compromised version
- Jun 11, 2026
Malware in rate-limit-flexible
1 compromised version
- Jun 11, 2026
Malware in tailwindcss-animates-kit
1 compromised version
- Jun 11, 2026
Malware in sass-formats
1 compromised version
- Jun 11, 2026
Malware in tailwindcss-animatics
1 compromised version
- Jun 11, 2026
Malware in sass-format
1 compromised version
- Jun 11, 2026
Malware in tailwindcss-merge
1 compromised version
- Jun 11, 2026
Malware in rate-limits-flexible
1 compromised version
- Jun 11, 2026
Malware in typeorm-encrypt
1 compromised version
- Jun 11, 2026
Malware in clsx-tailwind
1 compromised version
- Jun 11, 2026
Malicious code in @whatnot-web/www-legacy (npm)
2 compromised versions
- Jun 11, 2026
Malicious code in edu-npm-dependency-chain-demo (npm)
1 compromised version
- Jun 11, 2026
Malicious code in edu-npm-postinstall-demo2 (npm)
3 compromised versions
- Jun 11, 2026
Malicious code in chai-net-test (npm)
3 compromised versions
- Jun 11, 2026
Malicious code in tailwind-animator-scroll (npm)
1 compromised version
- Jun 11, 2026
Malicious code in tailwind-typography-plus (npm)
1 compromised version
- Jun 11, 2026
Malicious code in claimora (npm)
1 compromised version
- Jun 11, 2026
Malicious code in janus-erc20 (npm)
1 compromised version
- Jun 11, 2026
Malicious code in cache-section-helper (npm)
1 compromised version
- Jun 11, 2026
Malicious code in datetime-toolkit (npm)
2 compromised versions
- Jun 11, 2026
Malicious code in internallib_v346 (npm)
6 compromised versions
- Jun 11, 2026
Malicious code in chai-as-victimed (npm)
1 compromised version
Page 54 of 4,802