25 matches found
Astra Linux – Vulnerability in Node-EJS
The ejs also known as Embedded JavaScript templates package in Node.js before version 3.1.10 lacked certain measures to prevent pollution...
Malicious code in weavedb-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary
NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...
10up-toolkit (>=6.0.0 <=6.5.1), @0ti.me/ts-test-deps (=0.2.0) +6570 more potentially affected by CVE-2026-26996 via minimatch (>=9.0.0 <=9.0.5)
minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...
Malicious code in sturdyfetch18 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f9640d57b25e356462b9f06e02423032b3b0a0d2f4cf9b5d1e246a116a82af4 The package sturdyfetch18 was found to contain malicious code...
EUVD-2025-200872
Malicious code in elf-stats-marzipan-cookiejar-316 npm...
EUVD-2025-176272
Malicious code in spectron-chromedriver-thermosphere-cosmogenic npm...
Malicious code in baryon-helmet-apollo-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e509619c8cda9fd9f1db9cb20bb317bddf00e771bcc44d0c746b082e3da2e4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in miusafasdagan-nasduat-bais (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d09fdde4f85a1c616154a03bda7f1916abfe0ff8236ce1baf3ef121088b5afa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in uinsu-losit-dilaubaamukabi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5724f7e26ce22aeaa6160eeea503a5e8de4768fe5101998157401f44781e7158 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dajouka-faaa-ssa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27eda1bb5dc5514bba300ea490c6c8b4faa8e4217636585d356d045d03674755 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in excess_sawfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ccc3c05b73994322b8d9949e5e484972159f7d0eb577953b8cf97865ff8ec3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-76206
Malicious code in negativestingray-notthedev npm...
MAL-2025-99457 Malicious code in andi-sambalado29-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 763b57eb59197665d52d6fb0dfa9516cca2e70ac70863afc49320dc13b1c4bc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in outstanding_gibbon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b460a4e12858459725f0fc84c72960d305ab9b2b80c820c16944df02d213806 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-84453
Malicious code in ocha-pecel71-miaww npm...
EUVD-2025-84462
Malicious code in ocha-kue78-miaww npm...
MAL-2025-64093 Malicious code in lisa-moci91-sumpek (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23de3babb893742cc3846dc403b412f8c66aa82d7599b40825d62ebc67f6cd22 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-44075
Malicious code in didi-store npm...