PT-2026-46233

🔒 API Platform CVE-2026-49858: JSON:API & HAL normalizers cached components across users on long-running runtimes FrankenPHP, RoadRunner, Swoole. Patched in 4.1.29 / 4.2.25 / 4.3.8 — upgrade now. https://t.co/1oIPjtQjqB...

EUVD-2025-117489

Malicious code in clumsy-coffee-roadrunner npm...

EUVD-2025-117298

Malicious code in innovative-lavender-roadrunner npm...

EUVD-2025-117291

Malicious code in interesting-tan-roadrunner npm...

Malicious code in clumsy-coffee-roadrunner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97bff92247a9e6cb083fc07fcfdedf3b1a9ca205d45cc4370d9a15f7c874727d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137337 Malicious code in tiny_roadrunner_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c87d68629467a2238085832f14aaa5c9bcf22f20b11648d6b592ae380150d7c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in distinguished_roadrunner_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef98458c4aee9e633911a6dec37fe72522cd0bc6729a2d673e0049a7a66b864a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-99759

Malicious code in distinguishedroadrunnerz3n npm...

EUVD-2025-102136

Malicious code in softroadrunnerz3n npm...

EUVD-2025-102974

Malicious code in promisingroadrunnerz3n npm...

MAL-2025-122554 Malicious code in prior_roadrunner_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20cea532cb294460f572dfdf7fe6b761b6ea303723a026af0f1fed38859c9ae0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-93953

Malicious code in worthwhileroadrunnerz3n npm...

EUVD-2025-95746

Malicious code in priorroadrunnerz3n npm...

EUVD-2025-88480

Malicious code in thunderingroadrunnerz3n npm...

EUVD-2025-74881

Malicious code in ashamedroadrunnersilver-71 npm...

MAL-2025-111880 Malicious code in expensive_roadrunner_silver-30 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e991d53d4efff9d9edae384576b10e1e8aa3db22c1084c57dfe6b6e173543cf0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-75265

Malicious code in visualroadrunner-gooddev npm...

EUVD-2025-76322

Malicious code in maximumroadrunner-biggestdev npm...

EUVD-2025-76889

Malicious code in extraordinaryroadrunner-excellentdev npm...

EUVD-2025-77309

Malicious code in colossalroadrunner-appteadev npm...