1892 matches found

GitHub Security Blog
added 2026/01/08 8:32 p.m., 4 views

Kirby is missing permission checks in the content changes API

TL;DR This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. If developers haven't configured any user...

CVSS 5.8, AI score 7, EPSS 0.00039
Exploits 0, References 5, Affected Software 1

OSV
added 2026/01/08 8:32 p.m., 2 views

GHSA-4J78-4XRM-CR2F Kirby is missing permission checks in the content changes API

TL;DR This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. If developers haven't configured any user...

CVSS 5.8, AI score 6.8, EPSS 0.00039
Exploits 0, References 5

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in sails-soap-link-webdriver-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1eacbc309f43b7b1aa6ae69633d9efe8c8721438d82fdf6da228ed4f8738927 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 6 views

Malicious code in passport-auth0-levels-biomimicry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b0bee65acdf68a6737b8995d1143686b1ef9027fdabf5ae14fdd070cbbf7242 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-190367 Malicious code in xenobiology-technocracy-dotenv-safe-brane (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38f1940ec494c0d4680f56338f595cc22c7b88792f2adf2e663d5b3246e54920 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 1 view

MAL-2025-189229 Malicious code in rho-alpha-phi-cluster-water (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e7a4ef57dd54f76ac6aa11467b48f4f5cc687a1a46e1934d0b1dff8c2cf4f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-190348 Malicious code in xanadu-dotenv-safe-markdownlint-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3910fdac95250d53aecadede785513f9beceed180e4330b90a3808d260b82a43 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 1 view

MAL-2025-190198 Malicious code in vuetify-greatfilter-terser-dysonswarm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5584b28a5c8bf2d3e596254b7bc342240b88e3d2b09ddf72fbce2ee6d922d906 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-185715 Malicious code in axios-neutrino-fomalhaut-perturbation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f428902c9048480558a598f879ec355d21f923763d3b297f190013b90c371cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 2 views

Malicious code in eslint-config-nestjs-deneb-geckodriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c9742f772c4e9f496f2202e2e39872829c34c1fceef37add1baa8a95b96d759 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in atlas-standard-ursa-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1c6f3fc3edf4f35bc1bbdcbf1b42b067954257dafb13d5506a7dc70a03f6785 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 5 views

Malicious code in genomics-upgrade-webpack-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88209a1ccc8c21100a6d59adf1dac66a2d0426235764f4dc3c46c16810cf811a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-186275 Malicious code in config-darkenergy-heliophysics-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b3f2a08be0835c663a99803c2a7fa6298b462438acf40f200e42fac09cc218c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 3 views

MAL-2025-186138 Malicious code in chi-omega-permission-analyze-warn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1a333a6ba154a9285b807d782dbb2c72106fe930ef975007fb54ac5d2a6d251 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 1 view

MAL-2025-187800 Malicious code in link-upsilon-link-kappa-compress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3067d1508451f6789510b62511e905e3046d9763f2244761c52bc46576b6b073 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-188703 Malicious code in pino-pretty-electron-palynology-bootes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b36e22f77ac97013a394fdfb27730769ada345b6bc823b6adaff00ad707efbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 2 views

MAL-2025-188216 Malicious code in neptune-europa-version-thermochronology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8bda02da4b17be35dae8af31f33e45190975dc5b800247dd179363537abfee5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 3 views

Malicious code in json-babel-regulus-void (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dddfbf5848f4ab527768d15fcbe5332b5abad764f67e59c571cbf84288ebf928 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSSF Malicious Packages
added 2025/11/13 3:23 a.m., 4 views

Malicious code in publish-prettier-stylelint-seismology-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43052a28656f175ae88ca3541de9f3932eec1054bee702e2ee6c71eec895aa73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSV
added 2025/11/13 3:23 a.m., 0 views

MAL-2025-185964 Malicious code in cache-mensa-leda-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56788cff5b913c5a179cd511025821a24df1bc1ca382527d1e91bf6fd180e3ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0