3121 matches found
Malicious code in sqlite-oauth-quito-graphql (npm)
Source: amazon-inspector 07ca71d4114f8ae4468c127def1828c69d2b57565bf13761cb5938f72ffc59da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178886
Malicious code in flare-ignite-graphql-eridanus npm...
EUVD-2025-179633
Malicious code in commitlint-config-angular-graphql-ursa-yakutsk npm...
MAL-2025-187206 Malicious code in graphql-nightmare-css-loader-abiogenesis (npm)
Source: amazon-inspector 827a1eab8ee4f7a8518854247fd592f6a76ba721ba6900d144ce9f687b27a255 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175982
Malicious code in testcafe-canopus-graphql-markdownlint npm...
EUVD-2025-175836
Malicious code in umbra-jekyll-foundation-graphql npm...
Cross-site Request Forgery (CSRF)
Apollo Studio Embeddable Explorer & Embeddable Sandbox are vulnerable to cross-site request forgery (CSRF). The vulnerability is due to missing origin validation in the client-side handling of `window.postMessage` events, which allows an attacker to send forged messages that trigger arbitrary GraphQL...
EUVD-2025-123329
Malicious code in procyon-ganymede-foundation-graphql npm...
EUVD-2025-115869
Malicious code in bulma-webdriver-mocha-chariklo-graphql npm...
EUVD-2025-121850
Malicious code in solis-graphql-figures-mysql npm...
EUVD-2025-113818
Malicious code in europa-sirius-graphql-got npm...
EUVD-2025-113812
Malicious code in europa-vuepress-sass-loader-graphql npm...
MAL-2025-147986 Malicious code in slides-graphql-markdown-pdf-dynamo (npm)
Source: amazon-inspector e875d6758d07bb506554c8efb933ea288df266b933847f0fdb34e06da7e69b3c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143142 Malicious code in halley-graphql-europa-eridanus (npm)
Source: amazon-inspector 55027f6a56c857da8cb0b35b787396175411ea1da50f3df1203935e5cd19b1e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-113110
Malicious code in graphql-enceladus-meteor-jasmine npm...
EUVD-2025-113338
Malicious code in gacrux-nightwatch-nebula-graphql npm...
EUVD-2025-121032
Malicious code in ultra-graphql-xo-deimos npm...
EUVD-2025-116757
Malicious code in altair-airbnb-graphql-transform npm...
EUVD-2025-113098
Malicious code in graphql-webdriverio-husky-magellan npm...
EUVD-2025-124318
Malicious code in non-blocking-auriga-inquirer-graphql npm...