Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
240,073 total in npm · sorted newest first- May 28, 2026
Malware in @polka-ui/loads
1 compromised version
- May 28, 2026
Malware in @service-suppliers/fetch-suppliers-watcher-saga
1 compromised version
- May 28, 2026
Malware in @polka-ui/config
1 compromised version
- May 28, 2026
Malware in @databus-service-ui/scroll-up-content
1 compromised version
- May 28, 2026
Malware in @service-suppliers/select-supplier-watcher-saga
1 compromised version
- May 28, 2026
Malware in @service-suppliers/fetch_suppliers_action_saga
1 compromised version
- May 28, 2026
Malicious code in justsaying-docs (npm)
1 compromised version
- May 28, 2026
Malicious code in nemo-reporter (npm)
1 compromised version
- May 28, 2026
Malicious code in @mlspace/shared-storage (npm)
- May 28, 2026
Malicious code in @mlspace/profile (npm)
- May 28, 2026
Malicious code in @mlspace/model-registry (npm)
- May 28, 2026
Malicious code in @mlspace/model-monitoring (npm)
- May 28, 2026
Malicious code in @mlspace/inference-deploy (npm)
- May 28, 2026
Malicious code in @mlspace/inference-build (npm)
- May 28, 2026
Malicious code in @mlspace/file-manager (npm)
- May 28, 2026
Malicious code in @mlspace/experiments-monitoring (npm)
- May 28, 2026
Malicious code in @mlspace/experiments (npm)
- May 28, 2026
Malicious code in @mlspace/env-jupyter-server (npm)
- May 28, 2026
Malicious code in @mlspace/env-jobs (npm)
- May 28, 2026
Malicious code in @mlspace/env-gitlab (npm)
- May 28, 2026
Malicious code in @mlspace/dtransfer-history (npm)
- May 28, 2026
Malicious code in @mlspace/dtransfer (npm)
- May 28, 2026
Malicious code in @mlspace/docker-registry (npm)
- May 28, 2026
Malicious code in @mlspace/connectors (npm)
- May 28, 2026
Malicious code in @mlspace/allocations (npm)
- May 28, 2026
Malicious code in @fb-deposit/form-savings-account (npm)
- May 28, 2026
Malicious code in @fb-deposit/form-deposit-calc (npm)
- May 28, 2026
Malicious code in @fb-deposit/form-deposit-auth (npm)
- May 28, 2026
Malicious code in @fb-deposit/form-deposit (npm)
- May 28, 2026
Malicious code in @debit-ib/mobile-debit-ib-additional-card-form (npm)
- May 28, 2026
Malicious code in @debit-ib/desktop-debit-ib-additional-card-form (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/vpn (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/vpc-endpoint (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/vpc (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/vmware-draas (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/vmmanager (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/virtual-machines (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/virtual-ip (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/vdi (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/vcenter-virtual-machines (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/vcenter-manager (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/timescale-db (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/svp-vm-migration (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/svp-vdi (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/svp-tasks (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/svp-tags (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/svp-s3-storage (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/svp-pipeline (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/svp-managed-kubernetes (npm)
- May 28, 2026
Malicious code in @cloudplatform-single-spa/svp-lbaas (npm)
Page 73 of 4,802