CVE-2018-10023

Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun aka an authenticated comment...

Malicious code in shaky-coral-catfish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6361350251693e5bea2acb3dcba1f5bb554382651bcbaef9f32f69b9e183b4e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-117099

Malicious code in shaky-coral-catfish npm...

EUVD-2025-103779

Malicious code in meancatfishz3n npm...

Malicious code in integral_catfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e67a4e4a3bf39c92b4e0519021632e79b1f57ab8434e539e6bfb73e916d761c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-127430 Malicious code in integral_catfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e67a4e4a3bf39c92b4e0519021632e79b1f57ab8434e539e6bfb73e916d761c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-103042

Malicious code in personalcatfishz3n npm...

EUVD-2025-100723

Malicious code in vitreouscatfishz3n npm...

MAL-2025-128626 Malicious code in mean_catfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e61cc7419cf7783d4d69f83b646461ae063335420f6bdda44d27513dd48d657 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-101460

Malicious code in angrycatfishz3n npm...

Malicious code in redundant_catfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9efb8f54b7233d5661efb9d4a4057bb3da6bbef3fd9a39fbf6c16ccb7b10615f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ratty_catfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ee1d7f852315f622dcb6b5dc57a582730741a3fbed8f523278e6da26fa167a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-95470

Malicious code in redundantcatfishz3n npm...

EUVD-2025-95478

Malicious code in rattycatfishz3n npm...

EUVD-2025-94412

Malicious code in uselesscatfishz3n npm...

EUVD-2025-89011

Malicious code in roundcatfishz3n npm...

Malicious code in moaning_catfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc5760ec19a34d3c38677bd9de520f7343fe60a7299571f48f816ad25254dbc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-90049

Malicious code in moaningcatfishz3n npm...

EUVD-2025-77268

Malicious code in confidentialcatfish-apptea npm...

EUVD-2025-75237

Malicious code in weakcatfish-smiletea npm...