ossf/malicious-packages issues and pull requests

#717 - Added report for bcoin-full and mx-exchange-docs malicious NPM packages

Pull Request - State: closed - Opened by 6mile about 1 month ago

#716 - Add report for faucet-microservice

Pull Request - State: closed - Opened by 6mile about 1 month ago

#715 - add report for crypto-buddies and v2-foundry npm packages

Pull Request - State: closed - Opened by 6mile about 1 month ago - 1 comment

#714 - Add report for unisocks npm package

Pull Request - State: closed - Opened by 6mile about 1 month ago

#713 - Bump github/codeql-action from 3.27.9 to 3.28.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#712 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.71.0 to 1.71.1

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, go

#711 - Bump github.com/google/osv-scanner from 1.8.1 to 1.9.2

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 3 comments
Labels: dependencies, go

#710 - Bump actions/upload-artifact from 4.4.3 to 4.5.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#709 - Add reports for Cobalt Strike pkgs

Pull Request - State: closed - Opened by poppysec about 2 months ago

#708 - Bump actions/setup-go from 5.0.2 to 5.2.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#707 - Bump github/codeql-action from 3.26.6 to 3.27.9

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, github_actions

#706 - Bump golang.org/x/crypto from 0.26.0 to 0.31.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies, go

#705 - Add report

Pull Request - State: closed - Opened by poppysec 2 months ago

#704 - Withdraw urlcon- advisory

Pull Request - State: closed - Opened by mgdcvetko 2 months ago

#703 - Remove MAL-2024-10183 advisory

Issue - State: closed - Opened by mgdcvetko 2 months ago - 1 comment

#702 - Validate reports against the OSV schema.

Pull Request - State: closed - Opened by calebbrown 2 months ago - 1 comment

#701 - Fix for several invalid versions

Pull Request - State: closed - Opened by mgdcvetko 2 months ago - 2 comments

#700 - Please remove all captivateiq instacnes

Issue - State: open - Opened by radical-izak 2 months ago - 3 comments

#699 - Bump cloud.google.com/go/storage from 1.43.0 to 1.48.0

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies, go

#698 - Update MAL-2024-11183.json

Pull Request - State: closed - Opened by calebbrown 2 months ago

#697 - Add reports for cryptostealing pkgs

Pull Request - State: closed - Opened by poppysec 2 months ago

#696 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.71.0

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies, go

#695 - Bump github/codeql-action from 3.26.6 to 3.27.6

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 2 comments
Labels: dependencies, github_actions

#694 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.70.0

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies, go

#693 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.69.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#693 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.69.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#692 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.68.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#692 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.68.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#691 - Bump github/codeql-action from 3.26.6 to 3.27.5

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, github_actions

#690 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.67.1

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#689 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.67.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#688 - Bump cloud.google.com/go/storage from 1.43.0 to 1.47.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#687 - Bump github/codeql-action from 3.26.6 to 3.27.4

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, github_actions

#686 - Bump github/codeql-action from 3.26.6 to 3.27.3

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, github_actions

#685 - Bump github/codeql-action from 3.26.6 to 3.27.2

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, github_actions

#684 - Bump github/codeql-action from 3.26.6 to 3.27.1

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, github_actions

#683 - Add malicious package report for "fabrice".

Pull Request - State: closed - Opened by calebbrown 3 months ago

#682 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.66.3

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#682 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.66.3

Pull Request - State: open - Opened by dependabot[bot] 3 months ago
Labels: dependencies, go

#681 - Bump cloud.google.com/go/storage from 1.43.0 to 1.46.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#680 - Add @lottiefiles/lottie-player report.

Pull Request - State: closed - Opened by calebbrown 3 months ago

#679 - Bump github.com/google/osv-scanner from 1.8.1 to 1.9.1

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#678 - Add reports for Roblox infostealer campaign

Pull Request - State: closed - Opened by poppysec 3 months ago

#677 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.66.2

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#676 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.66.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#675 - Bump actions/setup-python from 5.2.0 to 5.3.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#674 - Bump actions/checkout from 4.1.7 to 4.2.2

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#673 - Remove invalid version in admcheck PyPI package

Pull Request - State: closed - Opened by mgdcvetko 4 months ago - 3 comments

#672 - Bump github/codeql-action from 3.26.6 to 3.27.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#671 - Add the ability to remove an entry from the aliases or related fields.

Pull Request - State: closed - Opened by calebbrown 4 months ago

#670 - Bump cloud.google.com/go/storage from 1.43.0 to 1.45.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#669 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.66.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#668 - Add reports for ethers packages

Pull Request - State: closed - Opened by poppysec 4 months ago - 1 comment

#667 - Re-enable Reversing Labs.

Pull Request - State: closed - Opened by calebbrown 4 months ago - 6 comments

#666 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.65.3

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#665 - Bump github/codeql-action from 3.26.6 to 3.26.13

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#664 - Bump gocloud.dev from 0.39.0 to 0.40.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#663 - Bump actions/upload-artifact from 4.4.0 to 4.4.3

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#662 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.65.2

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#661 - Bump actions/upload-artifact from 4.4.0 to 4.4.2

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#660 - Corrections Needed for Several Malware Attributions

Issue - State: open - Opened by behnazh-w 4 months ago - 3 comments

#659 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.65.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#658 - Bump actions/checkout from 4.1.7 to 4.2.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#657 - Bump github/codeql-action from 3.26.6 to 3.26.12

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#656 - Bump actions/upload-artifact from 4.4.0 to 4.4.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#655 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.65.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#654 - Add report for crustyhttp

Pull Request - State: closed - Opened by poppysec 4 months ago

#653 - Bump github/codeql-action from 3.26.6 to 3.26.11

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#652 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.64.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#651 - Bump cloud.google.com/go/storage from 1.43.0 to 1.44.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#650 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.64.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#649 - Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#648 - Bump github.com/google/osv-scanner from 1.8.1 to 1.9.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#647 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.63.3

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#646 - Bump github/codeql-action from 3.26.6 to 3.26.10

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#645 - Bump actions/checkout from 4.1.7 to 4.2.0

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, github_actions

#644 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.63.2

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#643 - Bump github/codeql-action from 3.26.6 to 3.26.9

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, github_actions

#642 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.63.1

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#641 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.63.0

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#640 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.62.0

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#639 - Bump github/codeql-action from 3.26.6 to 3.26.8

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, github_actions

#638 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.61.2 to 1.61.3

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#637 - Bump github/codeql-action from 3.26.6 to 3.26.7

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, github_actions

#636 - Bump github.com/google/osv-scanner from 1.8.1 to 1.8.5

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#635 - Add 3 reports for BeaverTail stealer npm packages

Pull Request - State: closed - Opened by poppysec 5 months ago

#634 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.61.2

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, go

#633 - Retrospectively add 3 reports related to Moonstone Sleet campaign

Pull Request - State: closed - Opened by poppysec 5 months ago

#632 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.61.1

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#631 - Add new npm reports

Pull Request - State: closed - Opened by poppysec 5 months ago

#630 - Bump actions/upload-artifact from 4.3.4 to 4.4.0

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, github_actions

#629 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.61.0

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago - 1 comment
Labels: dependencies, go

#628 - Bump github/codeql-action from 3.26.0 to 3.26.6

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago - 1 comment
Labels: dependencies, github_actions

#627 - Bump actions/setup-python from 5.1.1 to 5.2.0

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago - 1 comment
Labels: dependencies, github_actions

#626 - Add report for invokehttp

Pull Request - State: closed - Opened by poppysec 6 months ago

#625 - Withdraw drata (npm) - MAL-2024-1398.

Pull Request - State: closed - Opened by calebbrown 6 months ago

#624 - Restore @xivart/* reports now that there are specific version numbers.

Pull Request - State: closed - Opened by calebbrown 6 months ago

#623 - Bump github/codeql-action from 3.26.0 to 3.26.5

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago - 1 comment
Labels: dependencies, github_actions

#622 - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.60.1

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago - 1 comment
Labels: dependencies, go

#621 - Bump github.com/google/osv-scanner from 1.8.1 to 1.8.4

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago - 1 comment
Labels: dependencies, go

GitHub / ossf/malicious-packages issues and pull requests