248 matches found
Covert Storage Channel
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Covert Storage Channel via the...
Command Injection
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection via improper...
Arbitrary Code Injection
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...
Directory Traversal
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Directory Traversal via the ZSH...
Malicious code in ids-enterprise-mcp-server (npm)
Source: amazon-inspector 7eff48b53ace7d90fb4a9c05eb62e2e8e1b6540f5dd4058611b4aa8203057276 The package ids-enterprise-mcp-server was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in @strapbuild/react-native-perspective-image-cropper-2 (npm)
Source: amazon-inspector d5e2f74d9d1d21777c83aa98d57c78a19a6161665a8af16c87f380f0d5b8139e The package @strapbuild/react-native-perspective-image-cropper-2 was found to contain malicious code. Source: ghsa-malware...
Arbitrary Code Injection
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via ya...
MAL-2025-188394 Malicious code in octans-yakutsk-dotenv-leda (npm)
Source: amazon-inspector 4d751656f2ac7efe86e47c25583f93d9ae1536daffdceaf849d3483681ba1dcc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179573
Malicious code in cordelia-websockets-yakutsk-quark npm...
Malicious code in socketio-elara-europa-dotenv (npm)
Source: amazon-inspector 225bb3e548d67feeafaf0b3128b6664fe27c2d00f7626f199697d9775e813e54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in key-class-optimize-notify-fire (npm)
Source: amazon-inspector 8d94bf43315a8c1c2893814e9659a334209b0e31030d5d9e792fbd92c4daf7c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jwt-mutation-dagda-octans (npm)
Source: amazon-inspector 1e2929db64171afec57703302466935401c6763c0dcb88032f7433c14889af5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188719 Malicious code in pipe-got-filament-xenon (npm)
Source: amazon-inspector e7b64a0c0583f810c7bf936719ae9719767e9f1dfbc35d94dfc570626eb634fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-182817 Malicious code in itale-adci-akontolbapakmuulolotlsrtjygfsri (npm)
Source: amazon-inspector 4733999062be85fdee2b9a79199ded07ab2d57785a8b5a8aadf3cb855ffc46e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-136338
Malicious code in itale-adci-ggpantekkoyu npm...
MAL-2025-183010 Malicious code in itale-dci-rr (npm)
Source: amazon-inspector dbd9c5061aa2c7a094df9d44f198af6643c3f6b5d139bfa22562b8896bb69fc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184899 Malicious code in sonic-jos-affoa (npm)
Source: amazon-inspector 598d9f3aa2d6680dafcabadf73b5be6d33aa841560a0ff888cbf95f624acd953 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184267 Malicious code in modiov-khan-avcafivaivuvagavacd (npm)
Source: amazon-inspector f387025f08622866d5e7d334b2064e4902cbd4f2021c00e41571444e25268a3c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180829 Malicious code in teate-thy-sonic-parlub (npm)
Source: amazon-inspector d0decd21a301fc2bfd3effb61c8824c1244cd7678312cc02f887b4bdb854b482 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...