issues
search
ossf
/
malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
Apache License 2.0
205
stars
17
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.14
#567
dependabot[bot]
opened
11 hours ago
0
Bump cloud.google.com/go/storage from 1.42.0 to 1.43.0
#566
dependabot[bot]
opened
1 day ago
0
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.58.0
#565
dependabot[bot]
opened
2 days ago
0
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.12
#564
dependabot[bot]
closed
11 hours ago
1
Re-add reports that were hidden by the name conflict.
#563
calebbrown
closed
3 days ago
0
Bump github/codeql-action from 3.25.10 to 3.25.11
#562
dependabot[bot]
opened
4 days ago
0
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.57.1
#561
dependabot[bot]
closed
2 days ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.11
#560
dependabot[bot]
closed
3 days ago
1
Repair broken paths from Reversing Labs ingestion
#559
calebbrown
closed
4 days ago
0
Repair NPM namespace issues after Reversing Labs import
#558
calebbrown
closed
4 days ago
1
Ensure purls are consistent and valid if they are present.
#557
calebbrown
closed
4 days ago
0
Add ability to pause/disable sources at config.
#556
calebbrown
closed
1 week ago
0
NPM packages with namespaces from ReversingLabs don't have namespace in name.
#555
calebbrown
opened
1 week ago
6
Reverse incorrectly created malicious entry for package React.
#554
lujunsan
closed
4 days ago
3
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.10
#553
dependabot[bot]
closed
4 days ago
1
Add missing quote in workflow.
#552
calebbrown
closed
1 week ago
0
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.9
#551
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.57.0
#550
dependabot[bot]
closed
4 days ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.8
#549
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.7
#548
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.54.6
#547
dependabot[bot]
closed
1 week ago
0
Bump github.com/google/osv-scanner from 1.6.1 to 1.8.1
#546
dependabot[bot]
closed
4 days ago
1
Bump github.com/google/osv-scanner from 1.6.1 to 1.8.0
#545
dependabot[bot]
closed
2 weeks ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.56.1
#544
dependabot[bot]
closed
1 week ago
0
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.54.5
#543
dependabot[bot]
closed
2 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.54.4
#542
dependabot[bot]
closed
2 weeks ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.56.0
#541
dependabot[bot]
closed
2 weeks ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.55.2
#540
dependabot[bot]
closed
2 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.54.3
#539
dependabot[bot]
closed
2 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.54.2
#538
dependabot[bot]
closed
2 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.54.1
#537
dependabot[bot]
closed
2 weeks ago
1
Bump actions/checkout from 4.1.3 to 4.1.7
#536
dependabot[bot]
closed
3 weeks ago
1
Bump github/codeql-action from 3.25.0 to 3.25.10
#535
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.54.0
#534
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.53.21
#533
dependabot[bot]
closed
3 weeks ago
1
Adds report for icon-reactjs
#532
lujunsan
closed
3 weeks ago
0
Bump cloud.google.com/go/storage from 1.40.0 to 1.42.0
#531
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.53.20
#530
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.53.19
#529
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.55.1
#528
dependabot[bot]
closed
2 weeks ago
1
fsevents <= 1.2.10 , is not malicious anymore
#527
mustafanaa
opened
3 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.53.18
#526
dependabot[bot]
closed
3 weeks ago
1
Adds reports for requestn, tensorfioi, nasrtox, costrar (PYPI)
#525
lujunsan
closed
4 weeks ago
0
Adds report for pentesters987abc (NPM)
#524
lujunsan
closed
4 weeks ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.55.0
#523
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.53.17
#522
dependabot[bot]
closed
4 weeks ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.54.4
#521
dependabot[bot]
closed
4 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.53.16
#520
dependabot[bot]
closed
4 weeks ago
1
Bump github/codeql-action from 3.25.0 to 3.25.8
#519
dependabot[bot]
closed
3 weeks ago
1
Add reversing-labs as a source, and allow access to AWS.
#518
calebbrown
closed
1 week ago
0
Next