Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
255,906 total · sorted newest first- May 16, 2022
Malware in cap-products
1 compromised version
- May 16, 2022
Malware in assets-common
1 compromised version
- May 16, 2022
Malicious code in lbc-git (npm)
- May 16, 2022
Malware in lbc-git
1 compromised version
- May 16, 2022
Malicious code in rainbow-bridge-testing (npm)
- May 16, 2022
Malicious code in api-extractor-test-01 (npm)
- May 16, 2022
Malware in api-extractor-test-01
1 compromised version
- May 16, 2022
Malware in rainbow-bridge-testing
1 compromised version
- May 16, 2022
Malicious code in @epc-infra/app-lookup-stack (npm)
- May 16, 2022
Malware in @epc-infra/app-lookup-stack
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/utils (npm)
- May 16, 2022
Malware in @epc-libraries/utils
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/kinesis-service (npm)
- May 16, 2022
Malware in @epc-libraries/kinesis-service
1 compromised version
- May 16, 2022
Malicious code in clinstestpackage (npm)
- May 16, 2022
Malware in clinstestpackage
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/driver-outage-db (npm)
- May 16, 2022
Malicious code in @epc-infra/aurora-stack (npm)
- May 16, 2022
Malware in @epc-libraries/driver-outage-db
1 compromised version
- May 16, 2022
Malware in @epc-infra/aurora-stack
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/data-api-versions (npm)
- May 16, 2022
Malware in @epc-libraries/data-api-versions
1 compromised version
- May 16, 2022
Malicious code in @epc-apps/api-management-plan (npm)
- May 16, 2022
Malware in @epc-apps/api-management-plan
1 compromised version
- May 16, 2022
Malicious code in @epc-libraries/cdk-custom-resources (npm)
- May 16, 2022
Malicious code in @epc-infra/stack-config (npm)
- May 16, 2022
Malicious code in @epc-infra/region-only-policy (npm)
- May 16, 2022
Malicious code in @epc-infra/dynamo-stack (npm)
- May 16, 2022
Malicious code in @epc-infra/dns-stack (npm)
- May 16, 2022
Malware in @epc-infra/dns-stack
1 compromised version
- May 16, 2022
Malware in @epc-libraries/cdk-custom-resources
1 compromised version
- May 16, 2022
Malware in @epc-infra/region-only-policy
1 compromised version
- May 16, 2022
Malware in @epc-infra/dynamo-stack
1 compromised version
- May 16, 2022
Malware in @epc-infra/stack-config
1 compromised version
- May 16, 2022
Malicious code in @epc-infra/clinstestpackage (npm)
- May 16, 2022
Malicious code in @epc-apps/api-generic-plan (npm)
- May 16, 2022
Malware in @epc-infra/clinstestpackage
1 compromised version
- May 16, 2022
Malware in @epc-apps/api-generic-plan
1 compromised version
- May 16, 2022
Malicious code in @epc-infra/users-stack (npm)
- May 16, 2022
Malicious code in @epc-apps/api-outages (npm)
- May 16, 2022
Malware in @epc-infra/users-stack
1 compromised version
- May 16, 2022
Malware in @epc-apps/api-outages
1 compromised version
- May 16, 2022
Malicious code in @epc-apps/api-ingestor (npm)
- May 16, 2022
Malicious code in @epc-apps/alert-servie (npm)
- May 16, 2022
Malware in @epc-apps/api-ingestor
1 compromised version
- May 16, 2022
Malware in @epc-apps/alert-servie
1 compromised version
- May 16, 2022
Malicious code in colors-update (npm)
- May 16, 2022
Malware in colors-update
1 compromised version
- May 16, 2022
Malicious code in gulp-browserify-thin (npm)
- May 16, 2022
Malicious code in gatsby-plugin-added-by-parent-theme (npm)
Page 5117 of 5,119