MAL-2025-186265 Malicious code in concurrently-configstore-lyra-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbdd3e3fbd31161db4d4c071bc50e19eb1af1064e748a5e2f0131d7ff033d0b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rindaman-poke23 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3617c2cbd6476df934330153ece4593b9ce48955102cb9e44c84640bc224d844 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in teagood-nakama20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4336633a9609eccaff4299ffeb1f5d4b03f96a5971a297c9701984f86d065a4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-119938 Malicious code in fajar-jus71-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b4f12f15ecb5a8077465dc36e9b09933aef1938c9800aa4b1a950620788ff08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-106014 Malicious code in mulyono-lapis1-remi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc2b8c0464c1b12459f5c33ec3b4ea0b3abb23f126279947a4c70213d04a71f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-105398 Malicious code in lutfi-gembus91-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f2628cf97bc8db1b0014edbab8aa6e726d946a9fc05e9fa9fb2b459c9ba23ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fauzi-miemee27-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16c5220f5f7aa258be5b6ef964347ac7232eed14ffa5046fc9d582b11451a111 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-82194 Malicious code in warm_caterpillar_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8f146302aa66d124f14aaa53a24532c2b1be1c75209a2f5314a6ef0560d3fea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-52413 Malicious code in tania-telurtahu22-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb87fe063dda671129e2ce57ea988fea0d09839321fd9b3c93d668a5abc69d4 The package tania-telurtahu22-sluey was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...

SA-CONTRIB-2010-076 - Dashboard - Cross Site Scripting (CSS)

The dashboard module allows users to create a personalized set of pages of widgets created from existing blocks and nodes like iGoogle. The module does not escape user generated names for tags & titles associated with default widgets that are added to a user dashboard page, leading to a Cross Sit...