Malicious code in weavedb-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...

Astra Linux - уязвимость в node-ejs

The ejs also known as Embedded JavaScript templates package in Node.js before version 3.1.10 lacked certain measures to prevent pollution...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary

NPM: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

10up-toolkit (>=6.0.0 <=6.5.1), @0ti.me/ts-test-deps (=0.2.0) +6567 more potentially affected by CVE-2026-26996 via minimatch (>=9.0.0 <=9.0.5)

minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-26996 Source advisory: OSV:GHSA-3PPC-4F35-3M26...

Malicious code in sturdyfetch18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f9640d57b25e356462b9f06e02423032b3b0a0d2f4cf9b5d1e246a116a82af4 The package sturdyfetch18 was found to contain malicious code...

EUVD-2025-200872

Malicious code in elf-stats-marzipan-cookiejar-316 npm...

EUVD-2025-176272

Malicious code in spectron-chromedriver-thermosphere-cosmogenic npm...

Malicious code in baryon-helmet-apollo-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e509619c8cda9fd9f1db9cb20bb317bddf00e771bcc44d0c746b082e3da2e4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miusafasdagan-nasduat-bais (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d09fdde4f85a1c616154a03bda7f1916abfe0ff8236ce1baf3ef121088b5afa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dajouka-faaa-ssa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27eda1bb5dc5514bba300ea490c6c8b4faa8e4217636585d356d045d03674755 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in uinsu-losit-dilaubaamukabi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5724f7e26ce22aeaa6160eeea503a5e8de4768fe5101998157401f44781e7158 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in excess_sawfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ccc3c05b73994322b8d9949e5e484972159f7d0eb577953b8cf97865ff8ec3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-76206

Malicious code in negativestingray-notthedev npm...

MAL-2025-99457 Malicious code in andi-sambalado29-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 763b57eb59197665d52d6fb0dfa9516cca2e70ac70863afc49320dc13b1c4bc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in outstanding_gibbon_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b460a4e12858459725f0fc84c72960d305ab9b2b80c820c16944df02d213806 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-84462

Malicious code in ocha-kue78-miaww npm...

EUVD-2025-84453

Malicious code in ocha-pecel71-miaww npm...

MAL-2025-64093 Malicious code in lisa-moci91-sumpek (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23de3babb893742cc3846dc403b412f8c66aa82d7599b40825d62ebc67f6cd22 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-44075

Malicious code in didi-store npm...