58 matches found
Malicious code in hardixx-code (PyPI)
Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code when importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...
MAL-2025-174428 Malicious code in goodai-sunabi-cufau (npm)
Source: amazon-inspector 321e5c91c8ab17357dbd36b4344e391e5c564b533777b3de04f8a5404d110e1b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eslint-plugin-element-ui-hyperion-dagda (npm)
Source: amazon-inspector 5038fe2a3c36f89c8648d1958ea6266b9e56a0ef60f2efb00d26435c3e79a2b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in citra-nasi47-riris (npm)
Source: amazon-inspector b26316d8d883e0c5edd7cc50b4dfebb0e9232a66fb4b257c2877211ff81ba483 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-111915 Malicious code in fond_muskox_chocolate-58 (npm)
Source: amazon-inspector 649dad5cac7bc56e1f25e3554c7f2ff87bb38eed74035d9527da2f4f126ee498 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gorgeous_landfowl-smiletea (npm)
Source: amazon-inspector 4dc3ae3c2ec3a338fd56767d0d7d3f40eed6fb7c95355c8ddd5cfc582a4ba541 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in surviving_gecko_z3n (npm)
Source: amazon-inspector 0c304fb95e848ec64d057cd6b420e078efa74bd545e3f5abdd77305b794cd167 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in candra-dodol1-ruro (npm)
Source: amazon-inspector c89370177a218c952376d9c7b9ef34d2841a0c27e9764f96b732b94bfcd27127 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-91261 Malicious code in tuti-kembang40-riris (npm)
Source: amazon-inspector 17da342a6d147a3afc67aaeccc1c8027a7e6df927b12adebbb1fc003731492dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-60684 Malicious code in inner_guan_z3n (npm)
Source: amazon-inspector a077bfb5390086637f4be66d919d9d90a9a3535bf28a6c18478982389f0d7059 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-56072 Malicious code in equal_jaguar_z3n (npm)
Source: amazon-inspector e3d5a6c3c61954ad6c1a6f8e83378a99843d69a3a6fb0ec55e70f3d7fbd389b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-lupis31-sukiwir (npm)
Source: amazon-inspector 37715c41f6c3e21336601fe5a92cd2fca7b1a6d6d8965fc3350405f501d2a7a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in evolubots (npm)
The package evolubots was found to contain malicious code...
Important: Red Hat Security Advisory: python-setuptools security update
An update for python-setuptools is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools...
RLSA-2023:0952 Moderate: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 For more details abo...
Malicious code in selfgrandpongcraft (PyPI)
Source: checkmarx 31a2f3ccfe361745009967a4dfc97d33ed5663726d83e2c15cf48ca37119d7f5 EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
Malicious code in tppullcpupull (PyPI)
Source: checkmarx 3d98883416a753d48c814af00ebeb1353a1bfd2921f56d883eb6eb84374bf45c EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
Malicious code in esqrandpy (PyPI)
Source: checkmarx f47fd532fbb70d1f2bcb13d9f60c38f09f6c3bb036c51517b99c31ce7b96fc53 EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
Malicious code in selfvergui (PyPI)
Source: checkmarx fe2500a17a736b29b3a49b84d1710a2d69987762824956fd897d151204223bac EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...