issues
search
ossf
/
malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
Apache License 2.0
210
stars
19
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.55.2
#596
dependabot[bot]
opened
19 minutes ago
0
Add report for harthat-chain
#595
poppysec
opened
3 hours ago
0
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.55.1
#594
dependabot[bot]
closed
18 minutes ago
1
Propose to withdraw MAL-2024-1398
#593
jasonhills-drata
opened
1 day ago
0
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.55.0
#592
dependabot[bot]
closed
23 hours ago
1
Add 3 NPM reports
#591
poppysec
closed
2 days ago
0
Add 2 npm reports
#590
poppysec
closed
2 days ago
0
Bump github/codeql-action from 3.25.12 to 3.25.13
#589
dependabot[bot]
opened
2 days ago
0
Add report for fireauth.args
#588
poppysec
closed
5 days ago
0
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.20
#587
dependabot[bot]
closed
1 day ago
1
add report for noblox.ts-core
#586
poppysec
closed
1 week ago
0
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.19
#585
dependabot[bot]
closed
5 days ago
1
Add reports for two similar NPM pkgs discord-api-ts and noblox-core-ts
#584
poppysec
closed
1 week ago
0
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.58.2
#583
dependabot[bot]
opened
1 week ago
0
Bump github/codeql-action from 3.25.10 to 3.25.12
#582
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.18
#581
dependabot[bot]
closed
1 week ago
1
Adding report for noblox-core-ts to OSV
#580
poppysec
closed
1 week ago
0
details formatting is incorrect and malformated
#579
lukehinds
opened
2 weeks ago
0
Regenerate the summary across all packages to correct for missing namespaces
#578
calebbrown
closed
2 weeks ago
0
Bump github.com/google/osv-scanner from 1.8.1 to 1.8.2
#577
dependabot[bot]
opened
2 weeks ago
0
Bump actions/setup-go from 5.0.1 to 5.0.2
#576
dependabot[bot]
closed
1 week ago
0
Bump actions/setup-python from 5.1.0 to 5.1.1
#575
dependabot[bot]
closed
1 week ago
1
Bump google.golang.org/grpc from 1.64.0 to 1.64.1
#574
dependabot[bot]
closed
1 week ago
0
Add report for noblox-ts
#573
poppysec
closed
2 weeks ago
0
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.16
#572
dependabot[bot]
closed
1 week ago
1
Bump actions/upload-artifact from 4.3.3 to 4.3.4
#571
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.15
#570
dependabot[bot]
closed
2 weeks ago
1
Add Stacklok Trusty as a source, and allow access to AWS
#569
lukehinds
opened
2 weeks ago
2
MAL-2024-7418 is not malicious but just sending a ping to a host
#568
Shivang0
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.14
#567
dependabot[bot]
closed
2 weeks ago
1
Bump cloud.google.com/go/storage from 1.42.0 to 1.43.0
#566
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.58.0
#565
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.12
#564
dependabot[bot]
closed
2 weeks ago
1
Re-add reports that were hidden by the name conflict.
#563
calebbrown
closed
3 weeks ago
0
Bump github/codeql-action from 3.25.10 to 3.25.11
#562
dependabot[bot]
closed
1 week ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.57.1
#561
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.11
#560
dependabot[bot]
closed
3 weeks ago
1
Repair broken paths from Reversing Labs ingestion
#559
calebbrown
closed
3 weeks ago
0
Repair NPM namespace issues after Reversing Labs import
#558
calebbrown
closed
3 weeks ago
1
Ensure purls are consistent and valid if they are present.
#557
calebbrown
closed
3 weeks ago
0
Add ability to pause/disable sources at config.
#556
calebbrown
closed
3 weeks ago
0
NPM packages with namespaces from ReversingLabs don't have namespace in name.
#555
calebbrown
opened
3 weeks ago
10
Reverse incorrectly created malicious entry for package React.
#554
lujunsan
closed
3 weeks ago
3
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.10
#553
dependabot[bot]
closed
3 weeks ago
1
Add missing quote in workflow.
#552
calebbrown
closed
3 weeks ago
0
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.9
#551
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.57.0
#550
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.8
#549
dependabot[bot]
closed
3 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.7
#548
dependabot[bot]
closed
4 weeks ago
1
Bump github.com/aws/aws-sdk-go from 1.51.26 to 1.54.6
#547
dependabot[bot]
closed
1 month ago
0
Next