org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

MAL-2026-2732 Malicious code in buildkite-test-collector-jasmine-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e8247a020880206aa9a5d4eb40d4b1f61cf39245356fd6e91db063d0c14b79 The package buildkite-test-collector-jasmine-example was found to contain malicious code...

Malicious code in buildkite-test-collector-jasmine-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e8247a020880206aa9a5d4eb40d4b1f61cf39245356fd6e91db063d0c14b79 The package buildkite-test-collector-jasmine-example was found to contain malicious code...

org.webjars.npm:chai-backbone (=0.9.2), org.webjars.npm:express (=5.1.0) +5 more potentially affected by CVE-2026-4926 via org.webjars.npm:path-to-regexp (=8.2.0)

org.webjars.npm:path-to-regexp MAVEN version =8.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:path-to-regexp and may be impacted: - org.webjars.npm:chai-backbone =0.9.2 - org.webjars.npm:express =5.1.0 -...

org.webjars.npm:chai-backbone (=0.9.2), org.webjars.npm:express (=5.1.0) +5 more potentially affected by CVE-2026-4923 via org.webjars.npm:path-to-regexp (=8.2.0)

org.webjars.npm:path-to-regexp MAVEN version =8.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:path-to-regexp and may be impacted: - org.webjars.npm:chai-backbone =0.9.2 - org.webjars.npm:express =5.1.0 -...

com.github.searls:jasmine-maven-plugin (>=3.0-alpha-01 <=3.0-beta-02), org.webjars.npm:accord (>=0.28.0 <=0.29.0) +177 more potentially affected by CVE-2026-33750 via org.webjars.npm:brace-expansion (=1.1.12)

org.webjars.npm:brace-expansion MAVEN version =1.1.12 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:brace-expansion and may be impacted: - com.github.searls:jasmine-maven-plugin =3.0-alpha-01, =0.28.0, =2.15.2, =12.1.0, =1.3.0, =0.3.0...

Malicious code in koa-higgs-jasmine-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a94744e4363382314160fd2c7e5b498755be2a10ae9e8fa7b684813a28d90a46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriverio-jasmine-dione-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6aaff2bb3a08dfb706081881b34cb93ca43e0b8c54aa6229078a2bb1f5e1991 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179123

Malicious code in entanglement-jasmine-seismology-nucleosynthesis npm...

EUVD-2025-176340

Malicious code in slidev-levels-install-jasmine npm...

EUVD-2025-178044

Malicious code in local-jasmine-gammarayburst-delphinus npm...

EUVD-2025-178293

Malicious code in jasmine-karma-innercore-csrf npm...

Malicious code in winston-pino-jasmine-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5379730ea03719315dac34057961525d8cb45f557c9a2a4ad60fa9929dadfc6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-loop-meteor-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74c329a482c68f847b5078bc7c6cd99a0df89ac2ee483147aa5ed8810a29dc2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178345

Malicious code in iota-geomorphology-rate-limiter-jasmine npm...

EUVD-2025-177608

Malicious code in nightmare-jasmine-janus-prompts npm...

EUVD-2025-175538

Malicious code in winston-pino-jasmine-jupiter npm...

EUVD-2025-177233

Malicious code in petrology-supercluster-relay-jasmine npm...

Malicious code in biosignature-jasmine-solis-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b6320a51a6ff5ec4676483ba7f9cfb24e153d3e1ac3ff03e68da55a92a0610f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179227

Malicious code in dynamo-run-script-jasmine-kuiperbelt npm...