MAL-2025-170472 Malicious code in verify-taic-alusakiliabamu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector def577300a720458180524a1120162e41fd664809c46770d4711bdfa6ca49ed1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-119838 Malicious code in erwin-tahu16-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95bacd8964dbf7ad094c9db2f7c397230f413fa975cdfedba1e0fef90ea2988a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in redundant_marmot_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce31ffd4061b27c77fff73ae91780d6c9db25b2707dc2e2c8d643c6f0b617b07 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-105013 Malicious code in lara-wallet-store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd0becca1ce15b4ce8f2e4a5472e14dc67bbaaab50f29d51ff2b8c364388a410 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-99548 Malicious code in arif-bubursumsum43-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29998304a248d70087264a48ef62fbfa951352f0f0dbcc2246f50a0ff85412a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-99648 Malicious code in atomic_cephalopod_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67055b559354d434539643aae58ade3e93336ab5239efbf1d2320f09d09c238e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-93624 Malicious code in colossal_deer_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b34975d14976f3ddfc30849daa891dc6e9c379b169aa0e46d3c3871a31279a86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-86910 Malicious code in iwan-rendang80-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 698f118506721765cf2cbc614ea7582a22a5e2e3cce4e7e55b183b823b45b300 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-65473 Malicious code in surya-lengko59-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1463e2637d8d30344ad45907814cc43885b16a5eecc261281671cf9f4a2cdf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2011-1829

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message...

Code injection

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message...

DEBIAN-CVE-2010-0055

xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package...