-
Notifications
You must be signed in to change notification settings - Fork 117
Pull requests: ossf/malicious-packages
Author
Label
Projects
Milestones
Reviews
Assignee
Sort
Pull requests list
Malicious package: npm/datefmt-helper (download-and-execute dropper)
#1344
opened Jul 4, 2026 by
akyroslabs
Loading…
Bump golang.org/x/net from 0.53.0 to 0.55.0
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
#1343
opened Jul 3, 2026 by
dependabot
Bot
Loading…
Remove malformed malicious package aliases
#1342
opened Jul 3, 2026 by
zhelinliao-oss
Contributor
Loading…
Add OSV reports for @marketfront scope campaign - npm (25 packages)
#1341
opened Jul 2, 2026 by
KunalSin9h
Contributor
Loading…
Removed open-ended ranges in MAL-2026-3849 and MAL-2026-3862
#1339
opened Jul 2, 2026 by
mark-adams
Loading…
Withdraw MAL-2026-1035 neural-compressor-jax (false positive — legitimate Intel package)
#1320
opened Jun 18, 2026 by
ashahba
Loading…
fix: recursively merge and deduplicate database_specific maps and arrays
#1317
opened Jun 17, 2026 by
jeffrey-theog06
Loading…
Add initial malosv command for managing the repo.
#1306
opened Jun 11, 2026 by
calebbrown
Contributor
Loading…
fix: scope @browserbasehq/* advisories to only compromised versions
#1139
opened Feb 21, 2026 by
shrey150
Loading…
ProTip!
no:milestone will show everything without a milestone.