EUVD-2025-55309

Malicious code in compact-green-silkworm npm...

EUVD-2025-55308

Malicious code in compact-indigo-alpaca npm...

EUVD-2025-55310

Malicious code in compact-green-shrimp npm...

EUVD-2025-55312

Malicious code in compact-beige-crocodile npm...

EUVD-2025-55304

Malicious code in compact-tan-goldfish npm...

Malicious code in compact-maroon-guppy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 909a58b99ce334b90d44a602b9d9f08389a8b8b22443e97914e8ba2ef29a4956 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in compact-tan-goldfish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbb1318ab14f4cc4798fc18728a5a460623690b36a34a54f02571af3c938f06a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-67338 Malicious code in compact-blue-sturgeon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5f87e1eac2ed4f3288ab6975861c89eab1c22abc554ecba38edf19e0874ddaa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-55313

Malicious code in compact-amaranth-pheasant npm...

EUVD-2025-55306

Malicious code in compact-maroon-rook npm...

EUVD-2025-55311

Malicious code in compact-blue-sturgeon npm...

Malicious code in compact-green-shrimp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f9286c69cf114a3585fd24fefadd4408fdcae89285d495751dff1e18936bc40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-50541

Malicious code in compactcaterpillarz3n npm...

Malicious code in compact_hamster_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0d5b2091df950dbc82aae5b73a87b9692c6b36f9735f0ea9b5f6977210b2845 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-48282

Malicious code in compacthamsterz3n npm...

EUVD-2025-48283

Malicious code in compactdonkeyz3n npm...

Revive Adserver admin-search.php file cross-site scripting vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

CVE-2025-27208

A reflected Cross-Site Scripting XSS vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context o...

EUVD-2025-37231

A reflected Cross-Site Scripting XSS vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context o...