124 matches found
CVE-2026-35594
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication GetLinkShareFromClaims in pkg/models/linksharing.go constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...
MAL-2025-155680 Malicious code in hariyono-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41ecec4666cad4a8322e0ff89050730e33b18cdaf02f3ea052201833cbc47569 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alvira-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f3027b4b0f96084eecbec244ac5ac4d9c2eaa7dddefc1b27a5643e94f1ab31e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in aril-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfe8a98625e3dad2d441baf974ce9fd9f4dad80b9b464b330676c35d5b128bf4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in billa-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2cb750211526ef616373b0b84b30bf8de5596243f66ce0d561842b9e2c5ea3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bitha-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f79920f17e17991b4378fc2230bc9cf83ce72833566355b1b3610fce86620fec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3653e5aa55135b1459e9e03c92c23ddd6c6b5b4c71d8be4367a0fe35ba53c7a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hariyono-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41ecec4666cad4a8322e0ff89050730e33b18cdaf02f3ea052201833cbc47569 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in intan-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b5a333b728d4905db0fd8585e4ffd7e5c776150f33ca8a629557c46aed78d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kentung-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4163aed1d076846452617420160a0232586dba57c0bcf855fca81c1b9a24bb1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rita-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98113579037909070c6dae22777de4b62617f7477f6c4223203a022ec5299405 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156585 Malicious code in intan-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b5a333b728d4905db0fd8585e4ffd7e5c776150f33ca8a629557c46aed78d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in alvino-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71c9c23bb7ae2b18dae40a17a6944dec00f74a8019735d4458f84867e42e1df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-157556 Malicious code in kentung-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4163aed1d076846452617420160a0232586dba57c0bcf855fca81c1b9a24bb1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152433 Malicious code in alvino-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71c9c23bb7ae2b18dae40a17a6944dec00f74a8019735d4458f84867e42e1df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152875 Malicious code in aril-72 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfe8a98625e3dad2d441baf974ce9fd9f4dad80b9b464b330676c35d5b128bf4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-74236
Malicious code in slimcraneapricot-72 npm...
EUVD-2025-74053
Malicious code in zoophagousrhinocerossilver-72 npm...
EUVD-2025-74391
Malicious code in outrageouscrabaquamarine-72 npm...
EUVD-2025-74311
Malicious code in recentdragonflyturquoise-72 npm...