Lucene search
K

1910 matches found

Snyk
Snyk
added 2026/01/26 9:29 p.m.4 views

Directory Traversal

Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Directory Traversal via the getBinsFromPackageManifest function. An attacker can modify file permissions outside the intended directory by supplying a crafted value in the...

7CVSS6.3AI score0.00244EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in xenos-xanthus-celeste-react-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e905ee031b2c4ef7912618f1d64a99f35e6da479055f1504c5b29a0adaac500 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.9 views

Malicious code in greatfilter-lithosphere-isostasy-rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f7d248bef693a8fe521be2c4a3d53ecdbed962532c5d5fdff3115cdb68648d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.2 views

MAL-2025-186300 Malicious code in convict-thuban-blackhole-chromedriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bb6a9fa5d9acaa434dc2364eaaa6b7354739a09a6861905104ab7931ed2f0fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-189487 Malicious code in sigma-compile-simulate-integer-bash (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f87b70777042ad32ae95af653783e72af8820ef025ba4e9d2ab65f4b4da47c66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in update-meteor-jupiter-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a6356d84e2bdfa2e9952503f7bfa22d9940fbccd3d5d7e5296766420d0ce81b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-186426 Malicious code in css-minimizer-webpack-plugin-vuetify-ichnology-redshift (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e51432f68b706b7ae7c14c4afd85ef5068b6383f1eb97bea5a751ea91677a542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.11 views

MAL-2025-189553 Malicious code in soap-comet-adonis-karma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ba309579742e145eec67128cd1726f352994bbc24340da2452433bad6350725 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-186311 Malicious code in coronalmassejection-asthenosphere-astrobiology-cassini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9cb81f3d331d2861ecc6df39b2c8a84b53696cd5c489d6e3157782d4426db0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-188667 Malicious code in phoebe-betelgeuse-sadr-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d981dd2f34c2bbb86c7ac516f54988b4077402f3ce86235f4cab5210ee90865d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in hot-float-moon-unix-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc7cfe0783332584e55e88a0d036771aba6155e5b13fad52b4a4dbaf2311663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-189208 Malicious code in resonance-middleware-octans-graviton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9970ca8ef6e7f17379376bad34acd43e416abc3403acca977d152258ab4811af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in cordelia-async-chariklo-farout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1082e6a74aee52ffd5a2da69b0c99b63e1819f99a35a627fdce7a4b7582a049d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-187196 Malicious code in google-radiant-weywot-rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90c66e0686c4618a725de20e95e6ce1715c68327b6ccc280c359a1139312e4a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in easy-kernel-deserialize-public-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1c7f9693c4ee4fd27e0d30c8a5e7c70561a199ab73f1468b17ef1596d9c03dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.8 views

Malicious code in release-it-materialize-quasarjet-perturbation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 035050b3353edebeccd5d0176758cd056d40864422a03aac5416c61490399142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in subduction-phylogenetics-tachyon-tethys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d23e85fad2795bccb4695d01f55d114917b907a7cc918c35106dd514064a39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in exoplanetology-command-heka-mensa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c20460cd88ac33a5b0699bef0fdd2e695b306f22592c147b6451eb2336f28ada This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.2 views

MAL-2025-186169 Malicious code in cli-protractor-sqlite-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 190c6c3483bc31b868e8ea21008cfb3be634df9fe8e3d9179835190e130730f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-185713 Malicious code in axios-envconfig-antimatter-xenos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9e13721c20695ceedd4b482837dbb84cd436a7acde3112801215ee490c3c1ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder