MAL-2025-144621 Malicious code in magellan-alphard-cygnus-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb03d334d5fb3fded9247c374d838c01faefeb9b836133ef2f495a0c002fda2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149463 Malicious code in wezen-mira-pm2-fusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48dfb675efc87f46b8c1732d0a186062453d40de5752664af00e8082b7ca5d40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141758 Malicious code in dotenv-safe-lint-standard-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f96ce93bc5896847055a774b8ee4747daf6ed0538e96b9ffb3a4bcc8c1f03366 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146780 Malicious code in publish-concurrently-gacrux-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2cfe0c3e58ae6358bb280c4b65e3b0a5ad1a578037814733f4f7581aa92c89c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-43205

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR...

CVE-2025-43205

CVE-2025-43205 describes an out-of-bounds access issue with improved bounds checking, fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. The vulnerability may allow an attacker to bypass ASLR, with the Apple documentation indicating the issue affects Apple platforms and ver...

Malicious code in gita-klipo34-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b399b44754745859b1bee70f5adb821aa2fe46a7872638813e4411b4303a3fc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nurul-nasicampur96-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13e77e1d3e9fb2e1a3d99ded628afd515a126697010dbd93e3ae5c2913c48a3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zaki-nasipecel90-sumpek (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9252da46485dcda4ae44a8cb2d979f822e5be798ccdf571518721c96b7ea655 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-133641 Malicious code in galih-lodeh63-sumpek (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d674665f8394621734f9d8e3f4188925bd144f9c8463def7dc4aeadd6e642f3e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-132622 Malicious code in continuous_fly_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9def6fceb456b061c00e498a11707262f85486cef1aff1695db10f81d7d4f341 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-133670 Malicious code in galih-tempe23-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a15d029c4047909db626462bb701d329e2130b6805d1d9a66cc96459d697ac8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eka-sego96-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49d85cebce5d1d6b5a81905b48b09a01aaf2eb666af619cd4531456da89a993d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in federal_pike_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47b1160d8983e6eff80b2ceba62f0d13f5fd739354e702cce48d735980845bb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in riana-nasisayur23-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e56fb00ba280e771c3af1cce6cb4775d0a1894c6b4545a487ab4b6b7f69cef0a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yanti-telurtahu15-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8bf618996599b5cffc5fc731a8aeca1647ce3bf8fbd011d385c0e934c5ca9b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-130814 Malicious code in umi-keripik81-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b47bfd3982f2da5aa6079b88e16e98d490fb673f3f31074280aa2366d64f87d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bambang-keraktelor97-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd77a9a3932a5ea8ce470842ec6743283e53bcf9cbc0647962423a079fc7c79c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bambang-tumis16-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d988e671c549189c8ac7cfbefe55b045249eace97acd92cd558518ab480e8336 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cindy-mendoan83-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc06dc7dcbf70153af58b1737e90d28c2683da3a1e729ba2c0d10a60817861f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...