Malicious packages
Malware feed
Every package version published with malicious code, federated from OSV.dev's MAL-* feed: GitHub malware advisories, Snyk, PyPI removed-malware, OSS-Fuzz, and others. These are not CVE-style vulnerabilities — they're intentionally malicious uploads (typosquats, compromised maintainer tokens, worm-style campaigns like Shai-Hulud).
Recent advisories
255,987 total · sorted newest first- Jun 24, 2026
Malicious code in leo-connector-mysql (npm)
1 compromised version
- Jun 24, 2026
Malicious code in leo-connector-mongo (npm)
1 compromised version
- Jun 24, 2026
Malicious code in leo-connector-elasticsearch (npm)
1 compromised version
- Jun 24, 2026
Malicious code in leo-config (npm)
1 compromised version
- Jun 24, 2026
Malicious code in leo-cli (npm)
1 compromised version
- Jun 24, 2026
Malicious code in leo-cdk-lib (npm)
1 compromised version
- Jun 24, 2026
Malicious code in leo-cache (npm)
1 compromised version
- Jun 24, 2026
Malicious code in leo-aws (npm)
1 compromised version
- Jun 24, 2026
Malicious code in leo-auth (npm)
1 compromised version
- Jun 24, 2026
Malicious code in syspo (npm)
1 compromised version
- Jun 24, 2026
Malicious code in syco1 (npm)
3 compromised versions
- Jun 24, 2026
Malicious code in sypoi1 (npm)
3 compromised versions
- Jun 24, 2026
Malicious code in @kl-dolphin/jump (npm)
1 compromised version
- Jun 24, 2026
Malicious code in @kl-dolphin/swim (npm)
1 compromised version
- Jun 24, 2026
Malicious code in zenith-utils (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in python-dateutil2 (PyPI)
1 compromised version
- Jun 24, 2026
Malicious code in normalize-plus (npm)
1 compromised version
- Jun 24, 2026
Malicious code in ui-core-system (npm)
- Jun 24, 2026
Malicious code in ldapaotest (npm)
- Jun 24, 2026
Malicious code in cccmyssr2 (npm)
1 compromised version
- Jun 24, 2026
Malicious code in cccmyssr-util (npm)
1 compromised version
- Jun 24, 2026
Malicious code in cccmyssr3 (npm)
1 compromised version
- Jun 24, 2026
Malicious code in react-campaign-optimizer (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in signup-embedder (npm)
3 compromised versions
- Jun 24, 2026
Malicious code in chai-as-predicted (npm)
1 compromised version
- Jun 24, 2026
Malicious code in hs-locale-management (npm)
3 compromised versions
- Jun 24, 2026
Malicious code in ensmallen (PyPI)
1 compromised version
- Jun 24, 2026
Malicious code in rapidsearch (npm)
1 compromised version
- Jun 24, 2026
Malicious code in multer-express (npm)
1 compromised version
- Jun 24, 2026
Malicious code in vercel-api-client (npm)
- Jun 24, 2026
Malicious code in evmdotjs (npm)
- Jun 24, 2026
Malicious code in eth_accounts (npm)
- Jun 24, 2026
Malicious code in simplisafe-gatsby (npm)
1 compromised version
- Jun 24, 2026
Malicious code in macos-ci-utils (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in linux-ci-utils (npm)
1 compromised version
- Jun 24, 2026
Malicious code in system-core-utils (npm)
1 compromised version
- Jun 24, 2026
Malicious code in gunicorm (PyPI)
1 compromised version
- Jun 24, 2026
Malicious code in ditenv (PyPI)
1 compromised version
- Jun 24, 2026
Malicious code in fkaks (PyPI)
1 compromised version
- Jun 24, 2026
Malicious code in mcpsever (PyPI)
1 compromised version
- Jun 24, 2026
Malicious code in bn-lint (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in evil-pkg (npm)
6 compromised versions
- Jun 24, 2026
Malicious code in gpt-chat-cli (npm)
2 compromised versions
- Jun 24, 2026
Malicious code in hardhat-test-log (npm)
4 compromised versions
- Jun 24, 2026
Malicious code in dbt-language-server (npm)
1 compromised version
- Jun 24, 2026
Malicious code in hyperpure (npm)
1 compromised version
- Jun 24, 2026
Malicious code in decimal-format-utils (npm)
1 compromised version
- Jun 24, 2026
Malicious code in rollup-runtime-polyfill-core (npm)
4 compromised versions
- Jun 24, 2026
Malicious code in assertcore (npm)
1 compromised version
- Jun 24, 2026
Malicious code in backpack-ios (npm)
1 compromised version
Page 89 of 5,120