Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / ossf/malicious-packages issues and pull requests

#799 - Incorrect metadata on GHSA-688c-gxc8-6xqp

Issue - State: closed - Opened by lucasgonze 9 days ago - 4 comments

#798 - Removing FP versions in three npm reports

Issue - State: open - Opened by mgdcvetko 10 days ago

#797 - Adding new malicious NPM packages

Pull Request - State: closed - Opened by awsactran 11 days ago

#796 - Adding new malicious NPM packages

Pull Request - State: closed - Opened by awsactran 11 days ago

#795 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.75.0 to 1.75.2 in the go-minor-updates group

Pull Request - State: closed - Opened by dependabot[bot] 11 days ago - 1 comment
Labels: dependencies, go

#794 - Added report for sigma-payment npm package

Pull Request - State: closed - Opened by 6mile 13 days ago

#793 - Added report for hotmart npm package

Pull Request - State: closed - Opened by 6mile 13 days ago

#792 - Added report for actiris npm package

Pull Request - State: closed - Opened by 6mile 13 days ago

#791 - Adding new malicious npm packages

Pull Request - State: closed - Opened by awsactran 14 days ago

#790 - Adding new malicious NPM packages

Pull Request - State: closed - Opened by awsactran 14 days ago

#789 - Adding new malicious packages

Pull Request - State: closed - Opened by awsactran 14 days ago

#788 - Added new npm reports

Pull Request - State: closed - Opened by awsactran 15 days ago

#787 - Added new npm report @zohaib2121/dtapp

Pull Request - State: closed - Opened by awsactran 15 days ago

#786 - Added malicious npm package tree-sitter-hcl

Pull Request - State: closed - Opened by awsactran 15 days ago - 1 comment

#785 - Added malicious npm package tree-sitter-hcl

Pull Request - State: closed - Opened by awsactran 15 days ago

#784 - Adding new npm reports

Pull Request - State: closed - Opened by poppysec 15 days ago

#782 - Bump the actions-minor-updates group across 1 directory with 3 updates

Pull Request - State: closed - Opened by dependabot[bot] 16 days ago
Labels: dependencies, github_actions

#781 - Added report for org.cocoapods.csv npm package

Pull Request - State: closed - Opened by 6mile 16 days ago

#780 - Added report for sample_cluster npm package

Pull Request - State: closed - Opened by 6mile 16 days ago

#779 - Bump the actions-minor-updates group with 2 updates

Pull Request - State: closed - Opened by dependabot[bot] 18 days ago - 2 comments
Labels: dependencies, github_actions

#778 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.73.2 to 1.74.1 in the go-minor-updates group

Pull Request - State: closed - Opened by dependabot[bot] 18 days ago - 2 comments
Labels: dependencies, go

#776 - Add recent reports

Pull Request - State: closed - Opened by poppysec 24 days ago

#775 - Bump the go-minor-updates group across 1 directory with 2 updates

Pull Request - State: closed - Opened by dependabot[bot] 24 days ago - 2 comments
Labels: dependencies, go

#774 - Fixed npm next-refresh-token details

Pull Request - State: closed - Opened by elad-pticha 25 days ago

#772 - Bump the go-minor-updates group with 3 updates

Pull Request - State: closed - Opened by dependabot[bot] 26 days ago - 1 comment
Labels: dependencies, go

#770 - Improve the dependabot config to lower toil.

Pull Request - State: closed - Opened by calebbrown 26 days ago

#769 - Added report for next-refresh-token npm package

Pull Request - State: closed - Opened by elad-pticha 26 days ago

#768 - Added report for openssl-node npm package

Pull Request - State: closed - Opened by elad-pticha 26 days ago

#767 - Added report for serve-static-corell npm package

Pull Request - State: closed - Opened by elad-pticha 26 days ago

#766 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.72.2 to 1.73.1

Pull Request - State: closed - Opened by dependabot[bot] 28 days ago - 1 comment
Labels: dependencies, go

#765 - Bump golangci/golangci-lint-action from 6.1.1 to 6.2.0

Pull Request - State: closed - Opened by dependabot[bot] 28 days ago - 5 comments
Labels: dependencies, github_actions

#764 - Bump github.com/aws/aws-sdk-go from 1.55.5 to 1.55.6

Pull Request - State: closed - Opened by dependabot[bot] 29 days ago - 1 comment
Labels: dependencies, go

#763 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.72.2 to 1.73.0

Pull Request - State: closed - Opened by dependabot[bot] 29 days ago - 1 comment
Labels: dependencies, go

#762 - Added report for netflixdesign npm package

Pull Request - State: closed - Opened by 6mile 30 days ago

#761 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.72.2 to 1.72.3

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, go

#760 - Add a step in validate workflow to loosen the "id" validation.

Pull Request - State: closed - Opened by calebbrown about 1 month ago

#759 - Added report for venmo-ui npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago - 1 comment

#758 - Bump actions/checkout from 4.1.7 to 4.2.2

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies, github_actions

#758 - Bump actions/checkout from 4.1.7 to 4.2.2

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies, github_actions

#756 - Update to go v1.23.4. Update workflows to use go version from go.mod

Pull Request - State: closed - Opened by calebbrown about 1 month ago

#756 - Update to go v1.23.4. Update workflows to use go version from go.mod

Pull Request - State: closed - Opened by calebbrown about 1 month ago

#754 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.71.0 to 1.72.2

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 2 comments
Labels: dependencies, go

#754 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.71.0 to 1.72.2

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 2 comments
Labels: dependencies, go

#753 - fixed version number in MAL-2025-56

Pull Request - State: closed - Opened by 6mile about 1 month ago

#753 - fixed version number in MAL-2025-56

Pull Request - State: closed - Opened by 6mile about 1 month ago

#752 - MAL-2025-56 has an invalid version

Issue - State: closed - Opened by hogo6002 about 1 month ago - 1 comment

#752 - MAL-2025-56 has an invalid version

Issue - State: closed - Opened by hogo6002 about 1 month ago - 1 comment

#751 - Added reports for bigcommerce-cornerstone & parseq-tracevis npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#751 - Added reports for bigcommerce-cornerstone & parseq-tracevis npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#750 - Added reports for 4 malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#750 - Added reports for 4 malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#749 - Added report for mlb-site-core npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#749 - Added report for mlb-site-core npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#748 - Bump golang.org/x/net from 0.31.0 to 0.33.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, go

#748 - Bump golang.org/x/net from 0.31.0 to 0.33.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, go

#747 - Bump github/codeql-action from 3.27.9 to 3.28.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies, github_actions

#746 - Added report for jiolocate-ui npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#746 - Added report for jiolocate-ui npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#745 - Added report for romanes-eunt-domus-jd-1337 npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#745 - Added report for romanes-eunt-domus-jd-1337 npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#744 - Repair the walletcore-gen (npm) report.

Pull Request - State: closed - Opened by calebbrown about 1 month ago

#743 - Fix solanacore (npm) report.

Pull Request - State: closed - Opened by calebbrown about 1 month ago - 1 comment

#743 - Fix solanacore (npm) report.

Pull Request - State: closed - Opened by calebbrown about 1 month ago - 1 comment

#742 - Added reports for malware deploying npm packages marked-cs and marked-ps

Pull Request - State: closed - Opened by 6mile about 1 month ago

#742 - Added reports for malware deploying npm packages marked-cs and marked-ps

Pull Request - State: closed - Opened by 6mile about 1 month ago

#741 - Add report for hardhat-dotenv

Pull Request - State: closed - Opened by poppysec about 1 month ago

#740 - Bump actions/upload-artifact from 4.4.3 to 4.6.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies, github_actions

#739 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.71.0 to 1.72.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 2 comments
Labels: dependencies, go

#738 - Added reports for five malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#737 - Added npm package Walletcore gen

Pull Request - State: closed - Opened by 6mile about 1 month ago

#736 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.71.0 to 1.72.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies, go

#735 - Added report for tt4b npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#734 - Adds report for solanacore npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#733 - Added reports for five malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#732 - Added reports for three malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#732 - Added reports for three malicious npm packages

Pull Request - State: open - Opened by 6mile about 1 month ago

#731 - Added report for webinarwebhookapp npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#730 - Added reports for five malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#729 - Added report for facetec-browser-sdk npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#728 - Added report for four malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#727 - Add report for solana-login stealer

Pull Request - State: closed - Opened by poppysec about 1 month ago

#726 - Added reports for five malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#725 - Added reports for three malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#724 - Added report for three npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago - 3 comments

#723 - Added three new malicious npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#722 - Added report for babel-preset-app npm package.

Pull Request - State: closed - Opened by 6mile about 1 month ago

#721 - Added report for fider npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#720 - Added report for valid-package npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#719 - Added report for malicious NPM packages solaraexecutor and xeno.dll

Pull Request - State: closed - Opened by 6mile about 1 month ago

#718 - Added report for officebrowserfeedback malicious NPM package

Pull Request - State: closed - Opened by 6mile about 1 month ago