MAL-2025-146034 Malicious code in pegasus-helios-bootstrap-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 443c660eeccc84458663b73683dd4f9945a478b35f6e205b836a99b218487f68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139289 Malicious code in algol-aurora-uninstall-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e26acb818d7d6462dc6b7af9a975034aae6a01486b28b5de249c943e90eee21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146553 Malicious code in process-init-ignite-regulus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a7d7a22bee9c6cbc25e4eafaa2b8204550e9878e62c1a1daa58a95ef584e62 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139786 Malicious code in avior-solis-grus-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e1bdfdc7bb97c3e6f4552241ddd6ae1a7be05ef2b820b1547391c9765a70c08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149638 Malicious code in xanthus-stop-antares-carina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aff18b7ebab6c38ebb608d171a38a0950de81bd26c3a9d4c476745990464a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141488 Malicious code in deimos-aurora-electron-unuk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84e10a38bcf028cceb598cc95ab3b984714b62224cdf73e92b6551b32bcfc448 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147730 Malicious code in scripts-eridanus-duplex-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cc40e9b3651a910d7a97424e0a6b2f9dfb784f58b1ac169adad47c54b88f1e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in monthly-crimson-whippet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3101df7313222040720e715f30fd263d1b54ac065addde909555afce2cda34ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-138631 Malicious code in confidential-brown-monkey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f5359559db4b2d77ca1c9ffc0a98c94009fa787d18e244af3dd3cffd9d98d88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-138791 Malicious code in illegal-amber-aardwolf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c066ddb082d2d7537b82efb71416bae7232d508496aeeb6f936b7e2b9dec935 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

WordPress Simple Downloads List plugin unauthorized data modification vulnerability

WordPress Simple Downloads List plugin is a plugin for managing file downloads that allows users to create and manage file download lists on their website. An unauthorized data modification vulnerability exists in the WordPress Simple Downloads List plugin, which can be exploited by attackers to...

Malicious code in lutfi-gaplek51-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e60a58546e6652810972b9ea37e74109be80618bc20194263cd358ee3638950a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in arif-kue53-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7b3f153c8aeb20fac848f8e84a28f8365ef875ab725150a01f9f4eda076c94d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gilang-nasisayur31-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8974e5e2ccd56f90206fb1319dc773c9181a3f93b978b318add7736e3f2051c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in amused_amphibian_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bf362960035e9edd43f9dc8dc276e8d2c87371d0fdd04b827b2b441126fe1dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in arif-gembus72-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18f76f452fbca59b2bf6554816a557551e48eb367cb63f40792647aec8685921 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in budi-dodol58-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a753479b5ef1843067a8d744accb3f759857c4c563da8a9c93172f4c9462271b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in decent_xerinae_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bd5436eb180498a4b0f9f2b3b097dc1aa4270970a7964c3382558d8eefd8324 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dewi-telur45-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4814ec9f54f45febeb9629de14789c3797f025e99a8a4b4b4010e8982683b0fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eko-otak-otak31-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ea575ff010826b8b32384db796ebae58c09d636166d94f6207885e731df1069 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...