EUVD-2025-132015

Malicious code in teate-thy-sonic-wutlu npm...

EUVD-2025-133787

Malicious code in teate-thy-py-buhip npm...

EUVD-2025-136429

Malicious code in savion-rest-pix npm...

EUVD-2025-141018

Malicious code in kapvino-socvni-favcavai npm...

EUVD-2025-142249

Malicious code in divata-tuga-ivbio npm...

EUVD-2025-139488

Malicious code in nuilva-daerde-oagfifafalif npm...

Malicious code in buta-fadg-vaun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2249418283448fc595eb43530fce30acf143acdad408770e69dc87cc33cf8e6b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-142925

Malicious code in buta-fasg-fgvganda npm...

EUVD-2025-141470

Malicious code in hunim-sats-anin npm...

Malicious code in affffffri-zidan-tea (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d14193e8a77540c4c9d680e3738718b18a4c5f1de8ff0a3fb2c4c1f74e0c95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-176459 Malicious code in nokire-nakaoci5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 426157b02f97f1d5957632904c226e5fe63f26142f598d4ed5a9774b439b429f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.5 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more...

EUVD-2025-144234

Malicious code in verts-otimnmo-fagofsposa npm...

EUVD-2025-146126

Malicious code in ahfazam npm...

Malicious code in nafeesashraf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5f315f0294a2750acd2e3af3c6e7713a2baf23f98da0cb50ab7bfe4e76f3519 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-13042

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2025-13042

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2025-146669

Malicious code in upilka-luzimu-kijnuhigani npm...

Malicious code in angin-poke16 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e803dae050f6543c61d95578329eb90f5cac60d91eef7f266cda58cd5d75e4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in piluvaika-kaiu-nubuli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e70bf791f4d59beeec6fd476634496370654cf12b7dee7f984b7f3405ff7633 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...