@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +99 more potentially affected by CVE-2026-44646 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44646 Source advisory: OSV:GHSA-9X9P-QF8F-MVJG...

Malicious code in eris-jekyll-cryovolcano-charon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78c6bf9654f4c623ec797e540eb954ccadb84659308a9899c1c079e94f206506 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jekyll-resolvers-quark-xenobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34bfb629499da5c9e01ccc9365672ad6e8c74fb46d6ef77e41e64360a8d779ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in taurus-bootes-jekyll-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 143f6c7625fbfb9a7c5a98d8a3fc9b941d370f32ba8cb403bd8ca68227b26de6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in virgo-terser-webpack-plugin-resonance-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ab26d4bc9b5b8cbf6996ce1f3dfcf3ed1761087d93cbcdbea53728f32230010 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in warp-ora-duplex-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d66ff385a22dffe023d98891710432d0c59ead5f5af2c822fff70f98049abf12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xerxes-auth-jekyll-ionosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51ad4f9df284c5088fa33be03291602f134c74a08bde68bd1d24c3220134e5cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175460

Malicious code in yakutsk-electron-nebula-jekyll npm...

EUVD-2025-175455

Malicious code in yaml-barnard-jekyll-magnetar npm...

EUVD-2025-176114

Malicious code in supernova-astrophysics-jekyll-webdriver-manager npm...

EUVD-2025-175715

Malicious code in virgo-terser-webpack-plugin-resonance-jekyll npm...

EUVD-2025-175650

Malicious code in warp-ora-duplex-jekyll npm...

EUVD-2025-175534

Malicious code in winston-writable-betelgeuse-jekyll npm...

EUVD-2025-175493

Malicious code in xerxes-auth-jekyll-ionosphere npm...

EUVD-2025-177343

Malicious code in paleontology-tailwindcss-tethys-jekyll npm...

EUVD-2025-177108

Malicious code in polaris-publish-vortex-jekyll npm...

EUVD-2025-176522

Malicious code in sass-loader-cluster-link-jekyll npm...

EUVD-2025-178543

Malicious code in hercules-radiant-jekyll-delphinus npm...

EUVD-2025-178537

Malicious code in hermes-jekyll-io-nightwatch npm...

EUVD-2025-178520

Malicious code in hologram-jekyll-radiometric-bellatrix npm...