1910 matches found
Directory Traversal
Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Directory Traversal via the getBinsFromPackageManifest function. An attacker can modify file permissions outside the intended directory by supplying a crafted value in the...
Malicious code in xenos-xanthus-celeste-react-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e905ee031b2c4ef7912618f1d64a99f35e6da479055f1504c5b29a0adaac500 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in greatfilter-lithosphere-isostasy-rocket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f7d248bef693a8fe521be2c4a3d53ecdbed962532c5d5fdff3115cdb68648d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186300 Malicious code in convict-thuban-blackhole-chromedriver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bb6a9fa5d9acaa434dc2364eaaa6b7354739a09a6861905104ab7931ed2f0fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189487 Malicious code in sigma-compile-simulate-integer-bash (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f87b70777042ad32ae95af653783e72af8820ef025ba4e9d2ab65f4b4da47c66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in update-meteor-jupiter-kaus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a6356d84e2bdfa2e9952503f7bfa22d9940fbccd3d5d7e5296766420d0ce81b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186426 Malicious code in css-minimizer-webpack-plugin-vuetify-ichnology-redshift (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e51432f68b706b7ae7c14c4afd85ef5068b6383f1eb97bea5a751ea91677a542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189553 Malicious code in soap-comet-adonis-karma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ba309579742e145eec67128cd1726f352994bbc24340da2452433bad6350725 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186311 Malicious code in coronalmassejection-asthenosphere-astrobiology-cassini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9cb81f3d331d2861ecc6df39b2c8a84b53696cd5c489d6e3157782d4426db0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188667 Malicious code in phoebe-betelgeuse-sadr-miranda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d981dd2f34c2bbb86c7ac516f54988b4077402f3ce86235f4cab5210ee90865d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hot-float-moon-unix-fork (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc7cfe0783332584e55e88a0d036771aba6155e5b13fad52b4a4dbaf2311663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189208 Malicious code in resonance-middleware-octans-graviton (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9970ca8ef6e7f17379376bad34acd43e416abc3403acca977d152258ab4811af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cordelia-async-chariklo-farout (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1082e6a74aee52ffd5a2da69b0c99b63e1819f99a35a627fdce7a4b7582a049d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187196 Malicious code in google-radiant-weywot-rocket (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90c66e0686c4618a725de20e95e6ce1715c68327b6ccc280c359a1139312e4a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in easy-kernel-deserialize-public-await (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1c7f9693c4ee4fd27e0d30c8a5e7c70561a199ab73f1468b17ef1596d9c03dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in release-it-materialize-quasarjet-perturbation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 035050b3353edebeccd5d0176758cd056d40864422a03aac5416c61490399142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in subduction-phylogenetics-tachyon-tethys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d23e85fad2795bccb4695d01f55d114917b907a7cc918c35106dd514064a39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in exoplanetology-command-heka-mensa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c20460cd88ac33a5b0699bef0fdd2e695b306f22592c147b6451eb2336f28ada This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186169 Malicious code in cli-protractor-sqlite-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 190c6c3483bc31b868e8ea21008cfb3be634df9fe8e3d9179835190e130730f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185713 Malicious code in axios-envconfig-antimatter-xenos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9e13721c20695ceedd4b482837dbb84cd436a7acde3112801215ee490c3c1ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...