Threat intelligence · Vulnetix Research Lab

Supply-Chain Malware Trends

Four feeds carry the world's known open-source malware into the Vulnetix VDB. This page counts what each one actually delivered, malware advisories, malicious packages, actionable indicators and the bad actors behind them, tracked per ecosystem, per month across August 2024 to July 2026. Some are built for SCA scanners to match a package by name; Vulnetix enriches them and adds SOC-grade detection and attribution on top.

251.8K
Malware advisories
249.3K
Malicious packages
133.6K
Actionable indicators
57K
Bad actors
The four feeds

What each feed carried across August 2024 to July 2026

Every malicious advisory in the VDB is classified into exactly one of four feeds: OSSF Malicious Packages (published to OSV.dev, built for SCA scanners), OpenSourceMalware (a commercial catalogue, ingested per user API key), Vulnetix CLI Malscan (standalone GCVE-110 findings, built for SOC detection), and the remaining enriched Vulnetix VDB corpus, which spans more ecosystems than any single upstream feed. Advisories, IOC samples and actionable IOCs are additive; packages and actors are counted distinct within each ecosystem-month bucket. Actionable IOCs exclude the bare package-identifier types (a name, typosquat or version).

FeedAdvisoriesPackagesIOC samplesActionableActors
OSSF Malicious Packages 203.4K 203.7K 212.2K 635 167
OpenSourceMalware (OSM) 8.7K 8.7K 5.4K 2.2K 588
Vulnetix CLI Malscan 35.9K 35K 132.2K 130.6K 56.2K
Vulnetix VDB 3.7K 1.9K 3K 214 72

What "Vulnetix VDB (enriched)" means

This bucket is not a single upstream feed. It is 3.7K malicious-package advisories aggregated from other databases, GitLab, Snyk, Gemnasium, GitHub (GHSA) and OSV, each of which, like OSSF, publishes primarily name-level records for SCA scanners. Vulnetix ingests and enriches them, adding the hashes, hosts, install commands and attribution the original advisory never carried, 214 actionable indicators and 72 actors on records that arrived carrying none. A scanner reading the raw upstream advisory cannot act on that; it would have to enrich the data itself, or query a source like the Vulnetix VDB that already has.

OpenSourceMalware.com

A note on the OpenSourceMalware figures. OpenSourceMalware is a commercial threat-intelligence catalogue, the "open source" is the subject (malware in open-source packages), not the licence. Under our agreement Vulnetix ingests OSM data only for users who supply their own OSM API key, so the 8.7K advisories shown here are the slice our users unlocked, not OSM's full catalogue. Vulnetix has also donated malware data back to OSM across several ecosystems.

Explore OpenSourceMalware → · Add your OSM API key to Vulnetix to widen this coverage.

Deep dive

The exposure window: how long is a malicious package installable before OSSF flags it?

We resolved when each malicious package was first published (deps.dev historical index plus the npm and PyPI registries) and compared it to the advisory's publish date, across 96974 OSSF npm packages and 3869 PyPI packages. The gap is how long the package sat installable before anyone was warned.

By the time an OSSF advisory reaches you the damage is done: anyone who installed the package during the window is already compromised, and the advisory is a post-mortem, not a warning.

Closing the window: Malscan at install time

Vulnetix Malscan runs at install time inside the Package Firewall, checking every package against this same intelligence before it reaches your build, so a malicious dependency is blocked as it installs, not catalogued a year later. Registries and platform teams can also run the Malscan CLI on demand, before publishing, to confirm they are not shipping malware into their own build systems or downstream to their customers.

Method: first-publish via the deps.dev API; advisory date from the OSV record. Packages absent from deps.dev, or whose only surviving record post-dates the advisory, are reported deleted/erased. Computed continuously in the Vulnetix VDB; sample as of the latest run and growing.

Detection value

Two audiences: SCA scanners and SOC teams

A malware advisory only helps a scanner if it ships something machine-readable: a hash, a domain, an install command, an attacker account. Counting the actionable indicators per feed shows which reporting a defender can act on.

Built for different jobs

OSSF Malicious Packages and OSV are built for SCA scanners: is this installed dependency on a known-bad list, by name? For that job a name is enough. Across August 2024 to July 2026 the OSSF feed accounted for 203.4K advisories (81% of everything counted here) and 212.2K IOC samples, of which 211.6K are the package name or a version.

Vulnetix ingests every one of those MAL- advisories and enriches it, resolving package coordinates, adding context, and running its own analysis over the package. That enrichment surfaced 635 actionable indicators and 167 attributed accounts on advisories that arrived as names alone, real value on top of what OSV publishes, though sparse by nature.

A SOC asks a different question, what do I block, hunt and attribute, and that needs indicators and identities. The Vulnetix CLI Malscan corpus is built for it: 130.6K actionable indicators and 56.2K attributed accounts from 35.9K advisories. Different jobs, different data, both valuable.

Ecosystems

Where the malware landed

The same 24 months, grouped by the ecosystem each malicious advisory targeted, ranked by advisory count.

EcosystemAdvisoriesPackagesActionable IOCsActors
npm 204.7K 204.9K 10.2K 8.5K
Composer 15.6K 15.6K 43.4K 30.3K
PyPI 10.8K 10.8K 46.7K 10.8K
Unattributed 8.9K 6.1K 2 371
Go 4.2K 3.9K 15.7K 2.8K
AUR 4K 4K 10.4K 2K
crates.io 1.4K 1.4K 4.7K 985
brew 435 435 120 411
vscode 408 531 68 16
gem 333 333 1.3K 505
RubyGems 268 260 11 5
openvsx 224 389 52 5
NuGet 204 344 23 26
Pub 187 187 495 98
dockerhub 55 2 0 29
In summary

What August 2024 to July 2026 showed

Across the window the four feeds reported 251.8K malware advisories over 249.3K packages. Of the 352.7K IOC samples, only 133.6K were actionable indicators, and those, with the 57K attributed actors, came overwhelmingly from Vulnetix's own scanning and enrichment rather than the high-volume, name-only upstream advisories. Those advisories are useful, they feed an SCA scanner a blocklist, but they arrive after the fact: most flagged packages had been installable for months, and many were already gone by the time anyone was warned. The value is in the indicators, the attribution and the timing, and that is what the Vulnetix VDB and the install-time Package Firewall are built to carry.

Bucketed per source × ecosystem × month over the trailing window. advisories, iocSamples and actionableIocs are additive; packages and actors are counted distinct within each bucket, so a package or actor spanning multiple buckets is counted in each. actionableIocs is the subset of iocSamples excluding bare package-identifier types (package-name, typosquat, malicious-version) — i.e. the domains, IPs, URLs, hashes and other indicators a scanner can match on.

Block it at the gate

Know a package is malicious before it installs

The Vulnetix Package Firewall checks every install against this same malware intelligence, across 25+ registries, before the dependency reaches your build. The malicious domains, IPs and URLs behind these counts are also published as free STIX 2.1 feeds.

Start for free · See the Package Firewall · Malware campaigns and threat actors