Skip to content

Pull requests: ossf/malicious-packages

New pull request New
Clear current search query, filters, and sorts
8 Open 895 Closed
8 Open 895 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Remove the overly broad match from GHSA to limit scanner noise.
#930 by calebbrown was merged Jun 12, 2025 Loading…
2
Add malicious package entries
#929 by awsactran was merged Jun 18, 2025 Loading…
10
Add @gluestack-ui/util and React Native ARIA compromise reports.
#927 by calebbrown was merged Jun 10, 2025 Loading…
Bump ossf/scorecard-action from 2.4.1 to 2.4.2 in the actions-minor-updates group dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
#924 by dependabot bot was closed Jun 9, 2025 Loading…
1
Add malicious package entries
#923 by awsactran was merged Jun 10, 2025 Loading…
1
Add malicious package entries
#922 by awsactran was closed May 30, 2025 Loading…
Add report for the dscss PyPI package
#921 by behnazh-w was merged May 28, 2025 Loading…
1
Bump the go-minor-updates group across 1 directory with 2 updates dependencies Pull requests that update a dependency file go Pull requests that update Go code
#920 by dependabot bot was merged May 28, 2025 Loading…
Bump cloud.google.com/go/storage from 1.53.0 to 1.54.0 in the go-minor-updates group dependencies Pull requests that update a dependency file go Pull requests that update Go code
#919 by dependabot bot was closed May 26, 2025 Loading…
1
Add malicious package entries
#918 by awsactran was merged May 29, 2025 Loading…
2
Bump github/codeql-action from 3.28.17 to 3.28.18 in the actions-minor-updates group dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
#917 by dependabot bot was merged May 28, 2025 Loading…
Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 dependencies Pull requests that update a dependency file go Pull requests that update Go code
#916 by dependabot bot was merged May 28, 2025 Loading…
1
Malicious pakcage eslint-config-airbnb-compat and ts-runtime-compat-chec
#915 by KunalSin9h was merged May 28, 2025 Loading…
Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
#914 by dependabot bot was merged May 18, 2025 Loading…
some malicius packages.
#913 by KunalSin9h was merged May 28, 2025 Loading…
Bump the actions-minor-updates group across 1 directory with 3 updates dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
#911 by dependabot bot was merged May 9, 2025 Loading…
Add malicious package entries
#909 by awsactran was merged May 19, 2025 Loading…
6
Add malicious package entries
#908 by awsactran was closed May 5, 2025 Loading…
Adding new malicious package entry for NPM package mrmax-test1
#907 by awsactran was closed May 30, 2025 Loading…
Adding new malicious package entry for NPM package krmbjsxss
#906 by awsactran was closed May 30, 2025 Loading…
Adding new malicious package entry for NPM package landsat-tiler
#905 by awsactran was merged May 9, 2025 Loading…
Adding new malicious package entry for NPM package gql-test-client
#904 by awsactran was merged May 9, 2025 Loading…
Adding new malicious package entry for NPM package fake-linter-no-schema
#903 by awsactran was merged May 9, 2025 Loading…
Adding new malicious package entry for NPM package flueneceenergy
#902 by awsactran was closed May 30, 2025 Loading…
Adding new malicious package entry for NPM package fluenceenergy
#901 by awsactran was closed May 30, 2025 Loading…
ProTip! Exclude everything labeled bug with -label:bug.