499 matches found
Incorrect Authorization
Overview grumpydictator/firefly-iii is a personal finances manager. Affected versions of this package are vulnerable to Incorrect Authorization via the index and show functions in the user management API endpoints, which lack proper role verification. An attacker can access sensitive information...
EUVD-2025-117077
Malicious code in special-blush-firefly npm...
Malicious code in vertical-crimson-firefly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d3c74559c3b3550fcaf2e322a771a25d136c04e8e12f1335706771da8036c38 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139097 Malicious code in vertical-crimson-firefly (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d3c74559c3b3550fcaf2e322a771a25d136c04e8e12f1335706771da8036c38 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117005
Malicious code in vertical-crimson-firefly npm...
MAL-2025-125662 Malicious code in damaged_firefly_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa1641ec2131d677be2011c95f112b8c806be240d250bcad96f0c522a8c4f999 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-100150
Malicious code in damagedfireflyz3n npm...
EUVD-2025-99710
Malicious code in yeastyfireflyz3n npm...
EUVD-2025-103733
Malicious code in modernfireflyz3n npm...
Malicious code in pale_firefly_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 497a996f2f950866b2c95470523178c0dab0ceafc90d460c51d870657a969afb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-104473
Malicious code in internationalfireflyz3n npm...
EUVD-2025-92122
Malicious code in excitedfireflyz3n npm...
EUVD-2025-74480
Malicious code in lostfireflyaqua-63 npm...
EUVD-2025-77307
Malicious code in combativefirefly-silentdev npm...
EUVD-2025-77640
Malicious code in educationalfireflyscarlet-6 npm...
EUVD-2025-77748
Malicious code in apparentfireflyz3n npm...
EUVD-2025-78030
Malicious code in unhappyfireflyz3n npm...
EUVD-2025-78955
Malicious code in jealousfireflyz3n npm...
Malicious code in apparent_firefly_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9a448c3db435a5bb2bf002862ce02d64221fada2e723a1c91a45abe35107cad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in thick_firefly_0xrequest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e754cd21e9ef2933b7a9d924183d0606c01bdc3932e5f466f4d772bfa3ac721 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...