What each feed carried across August 2024 to July 2026
Every malicious advisory in the VDB is classified into exactly one of four feeds: OSSF Malicious Packages (published to OSV.dev, built for SCA scanners), OpenSourceMalware (a commercial catalogue, ingested per user API key), Vulnetix CLI Malscan (standalone GCVE-110 findings, built for SOC detection), and the remaining enriched Vulnetix VDB corpus, which spans more ecosystems than any single upstream feed. Advisories, IOC samples and actionable IOCs are additive; packages and actors are counted distinct within each ecosystem-month bucket. Actionable IOCs exclude the bare package-identifier types (a name, typosquat or version).
| Feed | Advisories | Packages | IOC samples | Actionable | Actors |
|---|---|---|---|---|---|
| OSSF Malicious Packages | 203.4K | 203.7K | 212.2K | 635 | 167 |
| OpenSourceMalware (OSM) | 8.7K | 8.7K | 5.4K | 2.2K | 588 |
| Vulnetix CLI Malscan | 35.9K | 35K | 132.2K | 130.6K | 56.2K |
| Vulnetix VDB | 3.7K | 1.9K | 3K | 214 | 72 |
What "Vulnetix VDB (enriched)" means
This bucket is not a single upstream feed. It is 3.7K malicious-package advisories aggregated from other databases, GitLab, Snyk, Gemnasium, GitHub (GHSA) and OSV, each of which, like OSSF, publishes primarily name-level records for SCA scanners. Vulnetix ingests and enriches them, adding the hashes, hosts, install commands and attribution the original advisory never carried, 214 actionable indicators and 72 actors on records that arrived carrying none. A scanner reading the raw upstream advisory cannot act on that; it would have to enrich the data itself, or query a source like the Vulnetix VDB that already has.
A note on the OpenSourceMalware figures. OpenSourceMalware is a commercial threat-intelligence catalogue, the "open source" is the subject (malware in open-source packages), not the licence. Under our agreement Vulnetix ingests OSM data only for users who supply their own OSM API key, so the 8.7K advisories shown here are the slice our users unlocked, not OSM's full catalogue. Vulnetix has also donated malware data back to OSM across several ecosystems.
Explore OpenSourceMalware → · Add your OSM API key to Vulnetix to widen this coverage.
The exposure window: how long is a malicious package installable before OSSF flags it?
We resolved when each malicious package was first published (deps.dev historical index plus the npm and PyPI registries) and compared it to the advisory's publish date, across 96974 OSSF npm packages and 3869 PyPI packages. The gap is how long the package sat installable before anyone was warned.
- 48% of flagged npm packages were already deleted, or their original publish record erased on takedown, by the time we looked.
- Median exposure among the 52% still placeable on a timeline was 513 days; 71% had been installable for over a year.
- On PyPI, 100% of checked packages were already gone from the registry entirely.
By the time an OSSF advisory reaches you the damage is done: anyone who installed the package during the window is already compromised, and the advisory is a post-mortem, not a warning.
Closing the window: Malscan at install time
Vulnetix Malscan runs at install time inside the Package Firewall, checking every package against this same intelligence before it reaches your build, so a malicious dependency is blocked as it installs, not catalogued a year later. Registries and platform teams can also run the Malscan CLI on demand, before publishing, to confirm they are not shipping malware into their own build systems or downstream to their customers.
Method: first-publish via the deps.dev API; advisory date from the OSV record. Packages absent from deps.dev, or whose only surviving record post-dates the advisory, are reported deleted/erased. Computed continuously in the Vulnetix VDB; sample as of the latest run and growing.
Two audiences: SCA scanners and SOC teams
A malware advisory only helps a scanner if it ships something machine-readable: a hash, a domain, an install command, an attacker account. Counting the actionable indicators per feed shows which reporting a defender can act on.
Built for different jobs
OSSF Malicious Packages and OSV are built for SCA scanners: is this installed dependency on a known-bad list, by name? For that job a name is enough. Across August 2024 to July 2026 the OSSF feed accounted for 203.4K advisories (81% of everything counted here) and 212.2K IOC samples, of which 211.6K are the package name or a version.
Vulnetix ingests every one of those MAL- advisories and enriches it, resolving package coordinates, adding context, and running its own analysis over the package. That enrichment surfaced 635 actionable indicators and 167 attributed accounts on advisories that arrived as names alone, real value on top of what OSV publishes, though sparse by nature.
A SOC asks a different question, what do I block, hunt and attribute, and that needs indicators and identities. The Vulnetix CLI Malscan corpus is built for it: 130.6K actionable indicators and 56.2K attributed accounts from 35.9K advisories. Different jobs, different data, both valuable.
Where the malware landed
The same 24 months, grouped by the ecosystem each malicious advisory targeted, ranked by advisory count.
| Ecosystem | Advisories | Packages | Actionable IOCs | Actors |
|---|---|---|---|---|
| npm | 204.7K | 204.9K | 10.2K | 8.5K |
| Composer | 15.6K | 15.6K | 43.4K | 30.3K |
| PyPI | 10.8K | 10.8K | 46.7K | 10.8K |
| Unattributed | 8.9K | 6.1K | 2 | 371 |
| Go | 4.2K | 3.9K | 15.7K | 2.8K |
| AUR | 4K | 4K | 10.4K | 2K |
| crates.io | 1.4K | 1.4K | 4.7K | 985 |
| brew | 435 | 435 | 120 | 411 |
| vscode | 408 | 531 | 68 | 16 |
| gem | 333 | 333 | 1.3K | 505 |
| RubyGems | 268 | 260 | 11 | 5 |
| openvsx | 224 | 389 | 52 | 5 |
| NuGet | 204 | 344 | 23 | 26 |
| Pub | 187 | 187 | 495 | 98 |
| dockerhub | 55 | 2 | 0 | 29 |
What August 2024 to July 2026 showed
Across the window the four feeds reported 251.8K malware advisories over 249.3K packages. Of the 352.7K IOC samples, only 133.6K were actionable indicators, and those, with the 57K attributed actors, came overwhelmingly from Vulnetix's own scanning and enrichment rather than the high-volume, name-only upstream advisories. Those advisories are useful, they feed an SCA scanner a blocklist, but they arrive after the fact: most flagged packages had been installable for months, and many were already gone by the time anyone was warned. The value is in the indicators, the attribution and the timing, and that is what the Vulnetix VDB and the install-time Package Firewall are built to carry.
Bucketed per source × ecosystem × month over the trailing window. advisories, iocSamples and actionableIocs are additive; packages and actors are counted distinct within each bucket, so a package or actor spanning multiple buckets is counted in each. actionableIocs is the subset of iocSamples excluding bare package-identifier types (package-name, typosquat, malicious-version) — i.e. the domains, IPs, URLs, hashes and other indicators a scanner can match on.
Know a package is malicious before it installs
The Vulnetix Package Firewall checks every install against this same malware intelligence, across 25+ registries, before the dependency reaches your build. The malicious domains, IPs and URLs behind these counts are also published as free STIX 2.1 feeds.
Start for free · See the Package Firewall · Malware campaigns and threat actors