EUVD-2025-114833
Malicious code in cross-env-yakutsk-octans-graphql npm...
MAL-2025-143654 Malicious code in inquirer-pm2-graphql-miranda (npm)
Source: amazon-inspector 964a75711a342b3eb5fc2ab4d78f2cf2af03901b2758dbe99095253d8708e938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-142777 Malicious code in gacrux-phoebe-graphql-dagda (npm)
Source: amazon-inspector 3f68c04258710a2b6f395d4cf50b5517baaf63d917dbd72a928d9bf32e8bb1ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139793 Malicious code in await-altair-got-graphql (npm)
Source: amazon-inspector 5a660fc5e738c8d00b5f3881d89852c995e28e12b38ece3a1ead965d679ec57a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143797 Malicious code in janus-apex-writable-graphql (npm)
Source: amazon-inspector abfdc92c35108b7bac99e9f035fd519cc20125241b0a253c8541000e44936d16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144112 Malicious code in karma-kronos-protractor-graphql (npm)
Source: amazon-inspector 2613bf60636387829ca0905577e948da2806d337f061920b907c9fc948430379 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-141276 Malicious code in cross-env-yakutsk-octans-graphql (npm)
Source: amazon-inspector 3ec258cbc55d95a4aa0c35968e62956f226510e7535d823debd9ec5c976ed91e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-148658 Malicious code in thuban-oauth-graphql-colors (npm)
Source: amazon-inspector f1bea268dfde784764d8a6760df49b436ccfb4a3c6881153cfd443747248420d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147986 Malicious code in slides-graphql-markdown-pdf-dynamo (npm)
Source: amazon-inspector e875d6758d07bb506554c8efb933ea288df266b933847f0fdb34e06da7e69b3c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144877 Malicious code in metalsmith-graphql-pegasus-hermes (npm)
Source: amazon-inspector f17541e872a174d77d0112b013ca7a42e843793669c3082e2c94fd27cdf7dfa4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in k8s proxy impacts GitLab CE/EE; Incorrect Authorization issue in workflows impacts GitLab EE; Information Disclosure issue in GraphQL subscriptions impacts GitLab CE/EE; Information Disclosure issue in access control impacts GitLab CE/EE; Prompt Injection...
CVE-2025-64493
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...
CVE-2025-64493 SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...
CVE-2025-64493
In SuiteCRM versions 8.6.0–8.9.0, an authenticated, blind (time-based) SQL injection exists in the appMetadata operation of the GraphQL API, allowing extraction of arbitrary data without admin access. Affected component: GraphQL API, operation appMetadata. Root cause: improper handling/validation...
SuiteCRM SQL injection vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. A SQL injection vulnerability exists in SuiteCRM versions 8.6.0 through 8.9.0, which stems from an authenticated time-based SQL injection in the appMetadata-operation of the GraphQL-API, which could lead to arbitrary da...
This Week in Spring - November 4th, 2025
Hi, Spring fans! Welcome to another all-out installment of This Week in Spring wherein we attempt to recap all that's new and novel in the wild, wacky, and wonderful world of Springdom. And this week, I'm doing so from an airport in Switzerland, en route to Malmo, Sweden, for the amazing Oredev...
EUVD-2025-37140
Malicious code in epic-graphql-schema npm...
Malicious code in egstore-graphql-client (npm)
Source: amazon-inspector 2a8f78f2a6abccca4b462d391732c3bc43094be0be51d4d3cc06a1686d1b554e The package egstore-graphql-client was found to contain malicious code...
Malicious code in epic-graphql-schema (npm)
Source: amazon-inspector 5cd084bb1d953fdf618916ebe2971c48ec09222cefe2ffde4698ef07d373707f The package epic-graphql-schema was found to contain malicious code...