Lucene search
K

12 matches found

Snyk
Snyk
added 2026/05/18 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 10:56 p.m.4 views

Malicious code in tiara-mangga31-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6504688725d519a6ea30603d7d28a6ee021fc4315d0a3059451842e5c1194730 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 8:46 p.m.3 views

Malicious code in galih-klentik74-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a378372f1ac8cd4612b670b0907d61764a76b569bcbe15511f30ca3fc771a522 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 8:46 p.m.2 views

MAL-2025-130992 Malicious code in vera-sego29-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e354e7fbb615da18ef1df87a4e89a86f003ca79fe4200b09704bc04826677c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 4:25 a.m.3 views

Malicious code in sari-kupat87-kyuki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 400bb0df76251d1df4eed05aae76abe85701a5034237e8ac199080ac4431fe75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 3:48 a.m.3 views

Malicious code in hanafi-dodol18-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b545a112d19f5d3e6dc452f793d5077b2947912f2fc99fd65d3ecbdffe03f240 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 3:48 a.m.3 views

MAL-2025-79309 Malicious code in joni-lutis57-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0d9b2ab2deef96497266329b1c0e0de853852ece15e998cd4ff1d13556008fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 2:29 a.m.3 views

Malicious code in siska-kupat61-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da465eeebf5f0fb1856b2d210b36298da390cfcccfdeda55e099a694887f08f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 2:29 a.m.3 views

Malicious code in indah-tomat38-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb4629e995257c2d1d31217ac8d33afc27a7e01a1fd02333925eb3704dc09ab9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 2:29 a.m.2 views

MAL-2025-72339 Malicious code in cindy-jengkol51-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a141d1c25f1f5c9a36feb331701f5c046c3afd2b09388cc23c0c3b247045c2fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/10 5:21 p.m.6 views

Malicious code in candra-takokak92-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4b94aab6bd9c02998dac8e89926e7de48d9867e6e1cccbf0982e9a0325337c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder