2 matches found
siddheshtea (=1.1.6) potentially affected by unknown CVE via nul-rae-naha (=1.0.0)
nul-rae-naha NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nul-rae-naha and may be impacted: - siddheshtea =1.1.6 Source cves: unknown CVE Source advisory: OSV:MAL-2025-163880...
Malicious code in nul-rae-naha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 305a606e9edeb69b0670c7df9efe80f4428be765d9f2e69b074edff7d5f22714 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...