org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

Malicious code in buildkite-test-collector-jasmine-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e8247a020880206aa9a5d4eb40d4b1f61cf39245356fd6e91db063d0c14b79 The package buildkite-test-collector-jasmine-example was found to contain malicious code...

MAL-2026-2732 Malicious code in buildkite-test-collector-jasmine-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e8247a020880206aa9a5d4eb40d4b1f61cf39245356fd6e91db063d0c14b79 The package buildkite-test-collector-jasmine-example was found to contain malicious code...

org.webjars.npm:chai-backbone (=0.9.2), org.webjars.npm:express (=5.1.0) +5 more potentially affected by CVE-2026-4923 via org.webjars.npm:path-to-regexp (=8.2.0)

org.webjars.npm:path-to-regexp MAVEN version =8.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:path-to-regexp and may be impacted: - org.webjars.npm:chai-backbone =0.9.2 - org.webjars.npm:express =5.1.0 -...

org.webjars.npm:chai-backbone (=0.9.2), org.webjars.npm:express (=5.1.0) +5 more potentially affected by CVE-2026-4926 via org.webjars.npm:path-to-regexp (=8.2.0)

org.webjars.npm:path-to-regexp MAVEN version =8.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:path-to-regexp and may be impacted: - org.webjars.npm:chai-backbone =0.9.2 - org.webjars.npm:express =5.1.0 -...

com.github.searls:jasmine-maven-plugin (>=3.0-alpha-01 <=3.0-beta-02), org.webjars.npm:accord (>=0.28.0 <=0.29.0) +174 more potentially affected by CVE-2026-33750 via org.webjars.npm:brace-expansion (=1.1.12)

org.webjars.npm:brace-expansion MAVEN version =1.1.12 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:brace-expansion and may be impacted: - com.github.searls:jasmine-maven-plugin =3.0-alpha-01, =0.28.0, =2.15.2, =1.3.0, =0.3.0, =2.0.3,...

EUVD-2025-175627

Malicious code in wavefunction-parallax-jovian-jasmine npm...

EUVD-2025-177512

Malicious code in nuxtjs-enceladus-miranda-jasmine npm...

EUVD-2025-178355

Malicious code in ionosphere-tachyon-arcturus-jasmine npm...

EUVD-2025-178295

Malicious code in jasmine-ichnology-astro-proteomics npm...

EUVD-2025-180421

Malicious code in antares-jasmine-rocket-start npm...

Malicious code in eslint-loop-meteor-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74c329a482c68f847b5078bc7c6cd99a0df89ac2ee483147aa5ed8810a29dc2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in koa-higgs-jasmine-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a94744e4363382314160fd2c7e5b498755be2a10ae9e8fa7b684813a28d90a46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nightmare-jasmine-janus-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fd20f4768df0374f9f8cae260d09775d2e0445ccce5d3ce5630d9857463bac0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriverio-jasmine-dione-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6aaff2bb3a08dfb706081881b34cb93ca43e0b8c54aa6229078a2bb1f5e1991 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in winston-pino-jasmine-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5379730ea03719315dac34057961525d8cb45f557c9a2a4ad60fa9929dadfc6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175450

Malicious code in yaml-iota-jasmine-norma npm...

EUVD-2025-175598

Malicious code in webdriverio-jasmine-dione-perseus npm...

EUVD-2025-175538

Malicious code in winston-pino-jasmine-jupiter npm...

EUVD-2025-177608

Malicious code in nightmare-jasmine-janus-prompts npm...