EUVD-2025-178858

Malicious code in fork-webpack-kastra-chai npm...

Malicious code in fork-eslint-slidev-chakra-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f8ab67ea8427ea5b62140b04dc5a91e4b2512ef31a7be5a7f29ca3f838dfed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in playwright-achernar-fork-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92b8f8c34cd0569e980d0406ca537a6f31f0966e068ac568d2797b35fc517fbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-44287 Malicious code in fork-superflare-multiverse-spectron (npm)

The package fork-superflare-multiverse-spectron was found to contain malicious code...

GHSA-5G97-WHC9-8G7J node-static and @nubosoftware/node-static vulnerable to Directory Traversal

node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...