38 matches found
RLSA-2026:5942 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...
Google Go Code Execution Vulnerability
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...
Google Go 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...
Malicious code in flights-lutuig-alnaia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ae3eaf7c599cd54d8f6ed569720a0093fe96e8a0e8252836cd007303838de6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gun1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e39996ab245b744a18cc86ef786e37d389e5830144e272e9af07c90f6871a0ce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-177484 Malicious code in poglymer-ognagh-agafaaammi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ad21a6d4ecb6f5d41b5a3e912ad86e6689f0d45a754d35d7f46176887955524 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in polymer-adag-aisihai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97f95e84311cb63c5d80a051fcf8ecd0bb9723ed94602f66f4f18353218836cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152496 Malicious code in alvira-55 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c59869b35a5ffed1ab07076045437fbb45d44140775338833197e4e3670eb72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kapafovgiaangapfao-safa-agada (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb0c7c7129441afc5e9760ccef837eb6a09d56bc6016b5775648769676186665 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mutdaufs-good-ay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b71d3fe704897739b07dc0c9e047a4c6ef7c7370a2244434ae82818773e7d76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tehnah-nati-musrika (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 013ab4cde22ba06491078b37121aaa17f333d79b4f63df77ddf975f55ed83294 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-121001
Malicious code in umbra-nodejs-nestjs-node-config npm...
Malicious code in publish-epimetheus-redis-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fe3501ebf5ee0e9d66130ec7cdd596273f343020bfec46601162a249a5ae585 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in joko-rojak56-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a20e8e8453f0dedede2ff47872fd3ee3c5319c55185b4e53cab1743a7afa692 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fadhil-dradag75-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6d34bb20a56ee1c0898b2a04b414bd88c65fd5693239e09dc3c095e79b3648 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lina-ketan88-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f101118dd1447989ba8a82413b00b163a667bd643c836f3c70befdc9da9c328e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-114205 Malicious code in gilang-menjes84-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe852e53bbd673a3e41caa5fb42fe200ee35bca3fcedf4295e68df42fb2305bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-116118 Malicious code in nurul-wajit57-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 772af6eb532511e5bf5ece615c7084e95c8b51b2ea8dfac5601cf5fa99da9bd6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in crazy_ant-toolteadev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b51cc3ffbdc0185ca6c491da761392a8327902115b59f650a328707cc3012708 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105277 Malicious code in lively_caribou-appteadev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af718d1598669d34a88f13b774722c0c75f7ad4887326c04add60df7fc0e6e3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...