41 matches found
Directory Traversal
Mammoth is vulnerable to Directory Traversal. The vulnerability is due to the lack of path or file type validation when processing DOCX files with externally linked images, which allows an attacker to read arbitrary files on the system or trigger excessive resource consumption by referencing...
EUVD-2025-117246
Malicious code in mammoth-harlequin-lungfish npm...
EUVD-2025-117247
Malicious code in mammoth-brown-mink npm...
Malicious code in mammoth_mongoose_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 129be806d31d50b89938549b2eb2fccece56a258c43efaba0f6f704182dc41e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-103858
Malicious code in mammothmongoosez3n npm...
MAL-2025-115738 Malicious code in mammoth_gerbil_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efd8c944d67b26c65ba6cbf6483fdc47c8ed8189ca9d3e4a084fd1922dacdc17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-90146
Malicious code in mammothgerbilz3n npm...
EUVD-2025-76353
Malicious code in mammothnewt-apptea npm...
EUVD-2025-78845
Malicious code in mammothstarfishz3n npm...
EUVD-2025-78847
Malicious code in mammothotterz3n npm...
Malicious code in mammoth_dragon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4df075fd4e1a3bcdf5b937a4903331b268c2b9c6415a1022484c9acf3f456e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105575 Malicious code in mammoth_dragon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4df075fd4e1a3bcdf5b937a4903331b268c2b9c6415a1022484c9acf3f456e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-81303
Malicious code in mammothemu0xrequest npm...
MAL-2025-105581 Malicious code in mammoth_rooster_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06f4aa05566c82ca011e53690347d8edda218a2faee781136ce533870a78581f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-71488
Malicious code in mammothgibbonz3n npm...
Malicious code in mammoth_gibbon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14910efa78f4f94de86f767f4e028f3ba45705e67a23057a99e65419ded56067 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-71487
Malicious code in mammothjackalz3n npm...
EUVD-2025-63185
Malicious code in mammothbisonz3n npm...
Malicious code in mammoth_orca_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd4fb8faa632bdd3b33d4ea9dfada639ee5a7005ed32155e19d9e2f3b8e9019c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-84792
Malicious code in mammothwildebeestz3n npm...