3125 matches found
Malicious code in umbra-iota-graphql-callback (npm)
Source: amazon-inspector 0216011a857c745443a164b8b961b2825a42498fd66c95b1ea56899885b894bd. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sqlite-oauth-quito-graphql (npm)
Source: amazon-inspector 07ca71d4114f8ae4468c127def1828c69d2b57565bf13761cb5938f72ffc59da. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175837
Malicious code in umbra-iota-graphql-callback npm...
EUVD-2025-178886
Malicious code in flare-ignite-graphql-eridanus npm...
EUVD-2025-179633
Malicious code in commitlint-config-angular-graphql-ursa-yakutsk npm...
EUVD-2025-175982
Malicious code in testcafe-canopus-graphql-markdownlint npm...
EUVD-2025-175836
Malicious code in umbra-jekyll-foundation-graphql npm...
EUVD-2025-178126
Malicious code in less-loader-orbit-outercore-graphql npm...
EUVD-2025-178676
Malicious code in graphql-nightmare-css-loader-abiogenesis npm...
MAL-2025-187206 Malicious code in graphql-nightmare-css-loader-abiogenesis (npm)
Source: amazon-inspector 827a1eab8ee4f7a8518854247fd592f6a76ba721ba6900d144ce9f687b27a255. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187207 Malicious code in graphql-npm-soap-fermiparadox (npm)
Source: amazon-inspector 56716e434cd1c5a44faa2761e4607685f3dc1bfd3de906c84be90f3ba243a05b. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Cross-site Request Forgery (CSRF)
Apollo Studio Embeddable Explorer & Embeddable Sandbox are vulnerable to cross-site request forgery (CSRF). The vulnerability is due to missing origin validation in the client-side handling of window.postMessage events, which allows an attacker to send forged messages that trigger arbitrary GraphQL...
EUVD-2025-115359
Malicious code in child-process-graphql-unuk-bootstrap npm...
EUVD-2025-115869
Malicious code in bulma-webdriver-mocha-chariklo-graphql npm...
EUVD-2025-121850
Malicious code in solis-graphql-figures-mysql npm...
EUVD-2025-113818
Malicious code in europa-sirius-graphql-got npm...
EUVD-2025-113812
Malicious code in europa-vuepress-sass-loader-graphql npm...
EUVD-2025-113110
Malicious code in graphql-enceladus-meteor-jasmine npm...
EUVD-2025-113338
Malicious code in gacrux-nightwatch-nebula-graphql npm...
EUVD-2025-112969
Malicious code in halley-graphql-miranda-changelog npm...