Longitudinal Analyses of SAST Tools: A CodeQL Case Study
Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time. In this paper, we introduce a novel method to evaluate stat...
CVE-2025-64753
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
Malicious code in vortex-auth0-string-holography (npm)
Source: amazon-inspector d4b12f620e4fb06f261bdd80d409124bb22468e54001e0012b822d68da3e2741. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in epimetheus-uninstall-cressida-sedna (npm)
Source: amazon-inspector efbfee41fefce5715d914720f5044a88f951f4b0361bc31c803542153c084c86. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in socketio-cordelia-nightwatch-petrology (npm)
Source: amazon-inspector b4209f9a2070f854d5309b6e36e08d1ae3e7f215e342ac56025d7be33d1cf16d. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kronos-inquirer-promise-dactyl (npm)
Source: amazon-inspector 061924477c364a15646e4464bbe03fb996300c139bfe1c00cc40eef390aa71a4. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in australis-prosthetics-cygnus-xerxes (npm)
Source: amazon-inspector a2c7f44f8a1fc4bee8f9c950dc48f3fe4c5d0ada66b921fdecb7432b24e85745. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in areology-polaris-gatsby-phoebe (npm)
Source: amazon-inspector 5b703fe4c7e4dcddf7c314d7abd66fa38950215c0f1ce19c252e7a5a8c1ca487. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in prettier-meteor-mineralogy-vuepress (npm)
Source: amazon-inspector 7db2695a262bc6e69c6034c20bc2c7d9eff61f2b332c8b08bb2467def0f247e0. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hermes-jekyll-io-nightwatch (npm)
Source: amazon-inspector cebbffea7d927de23aca7aba4078e9cd9b853bf3771183fa290a72232a56eb7c. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in native-rate-limiter-uninstall-regulus (npm)
Source: amazon-inspector f38f83b9375b1dbb5616eb88f859c2dc6f2ddb8d31a21fdcdf96be69a301dd89. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in phenomic-terser-markdown-archaeogenetics (npm)
Source: amazon-inspector 1e13a9d7b5e5952c9e0e3739c59d67083e0e9be60d192f6c9be7f735b5ca17d9. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in error-fast-class-visualize-new (npm)
Source: amazon-inspector 29ab6287114c993123a1c774b449f01bfe2dc45a5f5b310517d84dc224ebd170. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fornax-janus-fusion-css-minimizer-webpack-plugin (npm)
Source: amazon-inspector 9b0fb880a3bfb6b4d32d650b9778f2bab22b66cda0b72f0639a80bccf3fcd8cf. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in centaurus-miranda-meteor-frontend (npm)
Source: amazon-inspector 4f9dfde358d6a071c63d8cd5d8c57a54d7e60b2c7c26ccf05411518e4daeeb61. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in procyon-json-dynamo-neutrino (npm)
Source: amazon-inspector be2e07823e5cce346b257d22926e479c2d0a207460567f6726c84336674fe59f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in babel-ophiuchus-mira-bellatrix (npm)
Source: amazon-inspector 291b6aeb47d975e9c581c055a5fc588f2982e746b1eb66b2ea5080cd10619df6. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in callisto-hyperion-dactyl-equinox (npm)
Source: amazon-inspector 94f5fbb4310291c69ae8f62db97f4ea9145c9fcda4341d9b4daa0178186b0d4f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in html-webpack-plugin-wavefunction-local-ora (npm)
Source: amazon-inspector e9b889caa4d6bb6e7f090a2532d0cdfd4fc1ca62791b86087f1d8923688f6937. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in koa-higgs-jasmine-wezen (npm)
Source: amazon-inspector a94744e4363382314160fd2c7e5b498755be2a10ae9e8fa7b684813a28d90a46. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...