MAL-2026-4795 Malicious code in massive (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02d8dea3e47a2bd45fc796f33fc582956aec2be887add9672fd5eccc91c2135d Package self-describes as the 'Official Massive formerly Polygon.io REST and Websocket client,' a false rebrand claim — Polygon.io has not changed...

PT-2026-23067

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...

EUVD-2025-117242

Malicious code in massive-yellow-marten npm...

Malicious code in massive-yellow-marten (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347c0a4bc6c6dc50164f4938053abfe0fb420772bc5eb18e843d0551531f3155 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-90126

Malicious code in massiveraccoonz3n npm...

Malicious code in massive_parrot_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d7a795b4ab4dbea26afe35095a1d0100bef5f3f82113998c60db5a3013a09fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-90128

Malicious code in massivebassz3n npm...

MAL-2025-115758 Malicious code in massive_raccoon_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c81019e9318c382cd501d02591c906e2612b06b0027e936eaeaf357a49fe0483 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-76327

Malicious code in massiverat-appteadev npm...

EUVD-2025-81281

Malicious code in massivespoonbill0xrequest npm...

EUVD-2025-69073

Malicious code in massivecockroachz3n npm...

EUVD-2025-84783

Malicious code in massivetigerz3n npm...

EUVD-2025-84784

Malicious code in massiveostrichz3n npm...

MAL-2025-79931 Malicious code in massive_amphibian_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac6236de2e9c5035e1106c258c77ef400d0807ba673a8e141e617146545043c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-53322

Malicious code in massive-salmon-baboon npm...

Malicious code in massive-salmon-baboon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3246680bbd074dc58285a221f35e5d20727fd2ba14b9f06103a2ed14592e824b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-53324

Malicious code in massive-lavender-rattlesnake npm...

EUVD-2025-53323

Malicious code in massive-magenta-python npm...

EUVD-2025-46413

Malicious code in massivecatsharkz3n npm...

Malicious code in dewi-nasipecel30-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dfb339c9e58502fa9c01e8dd5a4d7a8ef84e86a8625d78ea069a55ed78266ac The package dewi-nasipecel30-breki was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...