233 matches found
Malicious code in ids-enterprise-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7eff48b53ace7d90fb4a9c05eb62e2e8e1b6540f5dd4058611b4aa8203057276 The package ids-enterprise-mcp-server was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in @strapbuild/react-native-perspective-image-cropper-2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5e2f74d9d1d21777c83aa98d57c78a19a6161665a8af16c87f380f0d5b8139e The package @strapbuild/react-native-perspective-image-cropper-2 was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-179573
Malicious code in cordelia-websockets-yakutsk-quark npm...
MAL-2025-188394 Malicious code in octans-yakutsk-dotenv-leda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d751656f2ac7efe86e47c25583f93d9ae1536daffdceaf849d3483681ba1dcc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in key-class-optimize-notify-fire (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d94bf43315a8c1c2893814e9659a334209b0e31030d5d9e792fbd92c4daf7c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188719 Malicious code in pipe-got-filament-xenon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7b64a0c0583f810c7bf936719ae9719767e9f1dfbc35d94dfc570626eb634fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in socketio-elara-europa-dotenv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 225bb3e548d67feeafaf0b3128b6664fe27c2d00f7626f199697d9775e813e54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jwt-mutation-dagda-octans (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e2929db64171afec57703302466935401c6763c0dcb88032f7433c14889af5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184899 Malicious code in sonic-jos-affoa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 598d9f3aa2d6680dafcabadf73b5be6d33aa841560a0ff888cbf95f624acd953 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184267 Malicious code in modiov-khan-avcafivaivuvagavacd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f387025f08622866d5e7d334b2064e4902cbd4f2021c00e41571444e25268a3c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-136338
Malicious code in itale-adci-ggpantekkoyu npm...
MAL-2025-182817 Malicious code in itale-adci-akontolbapakmuulolotlsrtjygfsri (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4733999062be85fdee2b9a79199ded07ab2d57785a8b5a8aadf3cb855ffc46e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183010 Malicious code in itale-dci-rr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbd9c5061aa2c7a094df9d44f198af6643c3f6b5d139bfa22562b8896bb69fc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180961 Malicious code in teate-thy-sonic-tewsor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17d5a0181564259139bea2ebd8acd73f20e564ab921f81ff0e8654ad9963c4ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-179616 Malicious code in igsboloa-minisspe-amiialo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ecef925919df8bc37f8fbacbeabe3db82fd866d7a83773ca7104bcc19d05275 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-180829 Malicious code in teate-thy-sonic-parlub (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0decd21a301fc2bfd3effb61c8824c1244cd7678312cc02f887b4bdb854b482 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teate-thy-sonic-fesdit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda9a752bbdd40b301624090921fdb80af7656c50a3c0723cf068ae5e9afda75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kiut-acg-avefvuug (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf696b4d131077819178b0bc454e10bfca36c8f821fc5233e7570c6168de812 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in afriiiiiii-zidan-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adf65810d017ba413913c2cc1a006c144f451d9a179271fcc6264d83c75773fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...