CVE-2026-42574
CVE-2026-42574 affects the apko dirFS used to build and publish OCI images. A crafted APK could place a TypeSymlink tar entry whose target points outside the build root, enabling traversal to host paths via subsequent directory creation or write operations within the same or a later archive. Root...
CVE-2026-2625 rust-rpm-sequoia: denial of service via crafted RPM file during signature verification
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-189804 Malicious code in taphonomy-commitlint-kardashevscale-loglevel (npm)
Source: amazon-inspector (695ffb95ebfbe4a2099875c019ec792a3a780ee83517b91b3a5b79d3f44c0036). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186453 Malicious code in cz-conventional-changelog-blitz-steganography-lacerta (npm)
Source: amazon-inspector (730ff285678049eb66e80db3988bb6718e03f59c281d112d5768eb338419befa). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186115 Malicious code in changelog-prompts-europa-blazar (npm)
Source: amazon-inspector (146d38799b702fcf2aa71251a53635f3352bc26fc8c894932530f350b66a69b7). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189121 Malicious code in refactor-psi-xml-cold-sed (npm)
Source: amazon-inspector (49df62b681f38d14d73246fbf7abeff09d01a5362d99320220c285c35bd561e7). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185812 Malicious code in biogeochemistry-xenos-nashira-petrology (npm)
Source: amazon-inspector (f82fe21385e7e511f088a5163fdd58d197f1dfb485a1f949ee04b4b14cd53d4d). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186621 Malicious code in dotenv-safe-jovian-astroinformatics-ablation (npm)
Source: amazon-inspector (86a312ee1d39ce12596c3d43387bd9eead6fec93b1060c13fe52416868153972). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189454 Malicious code in serialize-quick-alpha-book-resolve (npm)
Source: amazon-inspector (6c3a965104bed503baf5938acd3d4dda26b3d1e3317487000bed52dba4bc6959). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in testcafe-miranda-electron-umbriel (npm)
Source: amazon-inspector (b6dc56bc034bb1eb4e4b4fd3fc8d7db620ba01d5807f3200c1c40cfe1f26c695). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in config-regulus-auth-ophiuchus (npm)
Source: amazon-inspector (602504708c1fa23065534bfce58fb93eb8c0713426b28a6b5331ac55f1425922). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in apex-aurora-xml-fomalhaut (npm)
Source: amazon-inspector (dd7d0a68560ea990b728310621a54435d29f21a74d08f8126b4956b41fc0234e). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...