Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 12:12 a.m.20 views

CVE-2026-45321 Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS6AI score0.02342EPSS
Exploits3References4
OSV
OSV
added 2025/11/13 3:23 a.m.6 views

MAL-2025-186267 Malicious code in concurrently-grus-vuepress-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7074c66c67ba8954226ffe4caea4be815b7cbdb15439e2f2e1a589d8eab0e173 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.5 views

MAL-2025-147715 Malicious code in scorpius-scripts-flare-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89eaec14f2f27132288be226ebb081c4188c0c06b56eb85760ea8dc44db967b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.39 views

EUVD-2025-29241

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00378EPSS
Exploits0References5
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-33829 Malicious code in spruce-utopia-xbi904-project (npm)

The package spruce-utopia-xbi904-project was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder