Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ExtractPluginFromImage function. An attacker can cause disk exhaustion by supplying a crafted container image containing a decompression bomb, which decompresses to an arbitrarily large file during plugin...

EUVD-2025-178484

Malicious code in hydra-hawkingradiation-markdownlint-mini-css-extract-plugin npm...

EUVD-2025-179228

Malicious code in dynamo-mini-css-extract-plugin-cosmicsilence-frontend npm...

EUVD-2025-179564

Malicious code in cors-relay-mini-css-extract-plugin-winston npm...

EUVD-2025-178160

Malicious code in lacerta-style-loader-mini-css-extract-plugin-less npm...

EUVD-2025-175648

Malicious code in wasat-betelgeuse-mini-css-extract-plugin-cosmos npm...

EUVD-2025-175468

Malicious code in xo-mini-css-extract-plugin-vega-koa npm...

EUVD-2025-177840

Malicious code in middleware-mini-css-extract-plugin-ignite-json npm...

Malicious code in apex-electron-protractor-mini-css-extract-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 779cc6c8c43d7168deaf2cb7d9acad1a4f866432756bf35644ea6160de97ecfd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179779

Malicious code in chalk-soap-eris-mini-css-extract-plugin npm...

Malicious code in hydrogeology-chariklo-pulsar-mini-css-extract-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d514e86e9a193b5e01631ae67c92d3d0e92c33b1e9cb062f76dee9edaf4a7576 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185408 Malicious code in airbnb-mini-css-extract-plugin-centauri-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 827f6e45379c72e896fa2c8a42159e2ada3a7553eef28d5b9d72873afc1ac74f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178946

Malicious code in farout-colors-hologram-mini-css-extract-plugin npm...

EUVD-2025-177962

Malicious code in mantle-mini-css-extract-plugin-singularitarianism-areology npm...

EUVD-2025-178477

Malicious code in hydrogeology-chariklo-pulsar-mini-css-extract-plugin npm...

EUVD-2025-178927

Malicious code in fermiparadox-mini-css-extract-plugin-andromeda-mongodb npm...

EUVD-2025-176265

Malicious code in spectron-mini-css-extract-plugin-enif-commitizen npm...

Malicious code in cors-relay-mini-css-extract-plugin-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b5d4138a7e858f7a94edc8c60c8746ad366a44ba1f9fafa3a7461ac2cca612 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178326

Malicious code in izar-mini-css-extract-plugin-hercules-nightmare npm...

MAL-2025-190228 Malicious code in wasat-betelgeuse-mini-css-extract-plugin-cosmos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f72c3967bfa61a9dcf238d33c4284ce2f1f41d6b3f850a019d161f7672cf5834 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...