MAL-2025-121266 Malicious code in kresna-ragi24-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a065bddeac34d86ae0fa5522d1c39182b0d0db892c9188a2d01854092e8a8955 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1x8664.whl Vulnerability Details CVEID:CVE-2025-2148 DESCRIPTION: A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in tar

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in tar Vulnerability Details CVEID:CVE-2022-48303 DESCRIPTION: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in node

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in node Vulnerability Details CVEID:CVE-2021-43803 DESCRIPTION: Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in axios-1.8.3.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in axios-1.8.3.tgz Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.j...

MAL-2025-113866 Malicious code in fajar-mieaceh35-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00da7d5f35e19df4eb83c643d899ff8c9ec5f12ab2efb8d277ff155aa6d941e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-116955 Malicious code in sari-ketan35-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd2c7e6f59859d0c5a0823ff4d18b2951d35943dd55ace5c0764a752317fb0f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-117247 Malicious code in sunny_ostrich_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 905d8c46b7c30d53906d2c584ad7f5ecb7e5e70b9299f0db566ae4715e5410bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yuni-mendut36-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc94fb93ac46c4361ab83157795d0e4e35d290cfda99992e91741e5797218686 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-117625 Malicious code in umi-kembang10-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c514fc2f373dc77576cb5d12168b51c055631c3785c8fee0117f0877d372ed6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-114778 Malicious code in indah-peyek82-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c776eba72a951378779a82c0e01313b610e4790347e68e37919adb9f01cecdc3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in putri-kue93-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4224edff97aae510af51e8e7b025dde29b9752fb701ecab3278fa7d65909474c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-117716 Malicious code in utomo-jamblang17-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dc700ff90f6365a319d1d8ea0935afe57fd5b0f07c536ea19bcb22f2557b359 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-117677 Malicious code in unexpected_dingo_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83fe663c57a8d5879a23405c715eb9de759272cbcefc1204b421775224c85918 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-117798 Malicious code in vera-rangginang39-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b459eff662eae359f4c790f799d7f138946e08a42b0155679d132075abe6ee3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in patria-bakso27-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7475451a1b135c53573b7dba8b839262e20ae0940f77cbbabb27058e5e3a1d39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-117077 Malicious code in sinta-otak-otak94-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9f73386fc7c35fc34451aa593f18f63a6802f996f034cf7bc6c2d0294353177 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-114881 Malicious code in irma-moci5-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c9377c748ca0b62bb44eafd3077484ef112aeb9e2affada816a6b9a4a3575c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-12155

A Command Injection vulnerability, resulting from improper file path sanitization Directory Traversal in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found to be vulnerable. Th...