Malware DB

Xygeni Open Source Security is designed to provide complete protection against vulnerabilities and malicious code, ensuring your applications remain secure and resilient. With a robust suite of capabilities, Xygeni offers unparalleled visibility and control over your open-source components, helping you to manage risks effectively.

In addition to these SCA features, Xygeni offers an Malware Early Warning (MEW) service designed to raise alerts for suspicious packages. This service proactively protects your software supply chain and supports the implementation of security gates to block malware threats before they infiltrate your application.

See Malware Early Warning (MEW) service for further details

You can search for dependencies/packages to inspect whether have some kind of malware evidences. For these purposes, Xygeni provides OS Malware DB, a search engine that queries the MEW database.

OS Malware DB displays information about any public software package with malware evidences, not only about those being used by your applications.

If you want to know if you are using some package tagged as malware, you can go to Open Source >> Components (to see all the components that you are using) and filter by Alert Type : Malware (see Inventory - Components for further details)

The OS Malware DB displays information about:

  • Number of detected Malicious packages by MEW

  • Evidence distribution according to type (see Common types of Malware packages)

  • A table that lists all the malicious packages detected by MEW

  • Filtering fields to search by different criteria:

    • Current status: Quarantine, Confirmed by Xygeni, Confirmed by Registry (see

    • Component and version pattern (admitting wildcards)

    • Likelihood: depending on the maliciousness score, the malware evidences can be tagged as "potential" or high risk")

    • Component's Publisher

Malware details (MEW)

Summary tab shows detailed information about the component:

  • Symmary info

  • Info about the Publisher

  • Scoring of the component

  • Malware detected status

Malware evidence tab shows detailed information about the code evidences found:

Last updated