Malicious code in koa-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5868e3008cddae6f0d4f1594e5f22c25d905ca6e32b915c4b527ad2ed77cce7f The package koa-v3 was found to contain malicious code. Source: ghsa-malware 16ed2d5a3189595a73eb117e70d2a31ba6ed920704a2917c7f83aacb8b5f42d1 Any...

EUVD-2025-178179

Malicious code in koa-version-scorpius-ceres npm...

MAL-2025-187703 Malicious code in koa-version-scorpius-ceres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75dacef98ce0fa1a5b9c797aef9cabfffb1071bd052305809bade9065f2f7e2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-113581

Malicious code in flare-koa-version-aether npm...

MAL-2025-142530 Malicious code in flare-koa-version-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 743fef05b826eca569bd55c8b8e63b265ee14b3619c017ffaf94b5c85fd9cbc0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in flare-koa-version-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 743fef05b826eca569bd55c8b8e63b265ee14b3619c017ffaf94b5c85fd9cbc0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-62595

KoaJS CVE-2025-62595 affects Koa until patched: versions 2.16.2–2.16.2.x before 2.16.3 and 3.0.1–3.0.2.x before 3.0.3 are vulnerable to a Referer header bypass that can force user redirects to external sites via back redirect in the HTTP header handling. Root cause: some crafted URLs are treated ...