Malicious code in sabuoaopa-muyafig-budfaiufa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc64ab1950d93a41ac83cb8dc8b650019b05ff82484984bd9a702163c9888c0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polymeria-mayania (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36cbdd8c509d7632e2717513e70f71a6b586e5ea703e97970dfb09c3eaf822ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nokire-zabuza51 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0afb8fbb65960b87e76d4578ff06d671acf9d2aea7a96ca0f283efcffa12e50f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lookingan-nalako56 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4d49db5e9e163b3cbadbfb78dda4a2807b727967d95e06fb8c7670acefe9a96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-158150 Malicious code in lina-poke64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1abf74803326fedb4c1484554d9cbe73e4ad01525bad4ed3abfb00270b1516c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-150671 Malicious code in @miptaa02/fshg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33ef14016babb38ae9b908bd128172debee2a2607cc864e2f0c58e2ce55019b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-155721 Malicious code in hariyono-poke116 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed5e2704922f4775f8619b06535a8342c0589bc98f8d8463adffba95e3ff98a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-119994

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and including, 2.5.0. This makes it possible fo...

CVE-2025-12633

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and including, 2.5.0. This makes it possible fo...

MAL-2025-143904 Malicious code in jekyll-fetch-lyra-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 629b4fa570a0d70e8141464581ed15f4719b44b0916381a26d46e3b4a2b7a6c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in scripts-oberon-draco-pavo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed3525dda84b2464924e546f9db3f3b484347614d1b7b1e1a561b063779b2898 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in capella-axios-build-ophiuchus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6de1782855692574879b52f874525f81e799648d8226dcd053e2552dc17fcfb6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141005 Malicious code in concurrently-firebase-remark-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2bd0fdd87661ce67e74c146f4b7b9cc662fd907f84c6906e86d075e198c677 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144174 Malicious code in kinetic-impulse-polaris-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dae9f06594bf0c0f9bf149fd6065ba7e289724e2ad9f2bc222b94bf5de59733d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in non-blocking-supervisor-ophiuchus-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f939fe54d02544db9be3e7c6ea222a84099693d0f32fdf8582144f656082507d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in umbriel-chai-celeste-registry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb53ad9f8260d9f1a374259b5f212dbf32617f7afc84f7ce85b009b16a3e5db2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in await-altair-got-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a660fc5e738c8d00b5f3881d89852c995e28e12b38ece3a1ead965d679ec57a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145004 Malicious code in mira-cache-cross-env-babel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 300f84b23994bc74cbce26b47d6fa618ed69bc1cd0ffc0ca0702cdd19eb02cec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-11894

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

Malicious code in rear-plum-parakeet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ffd81f1734d7fa552bd5594dc59d95992e061a66053a76bc90bccdf93c4904d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...