CVE-2026-42574
The CVE-2026-42574 issue affects apko dirFS used to build/publish OCI images. A crafted APK could place a TypeSymlink tar entry whose target points outside the build root, enabling traversal to host paths via subsequent directory creation or write operations within the same or later archive. Root...
CVE-2026-2625 Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in dotenv-safe-nodemon-ariel-petrology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0dd10bc2cfa24ccde592a913acc6858967290e29bf81dfa4d634d6c08921764 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in string-eslint-antd-cosmology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c09b41ae985cda899d985058606ef63413008d232b4ee9a9dcdea6bedafeaac8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188680 Malicious code in phoebe-yildun-gravity-meissa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88e7f8707aee62cb3960c90f21928bae1147bd91c27fe32db5fe802a976e89bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187139 Malicious code in gemini-hydrogeology-panspermia-standard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05c40c172857580cc93044c60ee5d17491d6289b26917933d9371df9d2b794e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188131 Malicious code in mu-dog-proxy-decode-unix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88cdfbf38d06291aae96e832f05b29f00cfd35589943f585837dc348ec6b1fce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185367 Malicious code in abstract-interface-stub-delta-cloud (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bea2e8001fba4e0c06b3e79d1b45abbcd43329f409b01df4ddc089f09b4e4d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190058 Malicious code in unix-scale-protected-test-fire (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 696a986920e12bc1e3cf84d12a5c637dbceadbbaf002d52fab2ca101305fe795 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189346 Malicious code in sanitize-eta-promise-error-awk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e00d20cc45b0c3561f876e2907c05759af75b6ae061f01d2d3240a3aefde578d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190334 Malicious code in winston-kinetic-zenith-corvus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33aea94bfb56e0007d05b76e2fd4429326a2eba7c08d4c4190df4b030c654c44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in publish-oscillation-astrochemistry-spectron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 154fe20109457e48fa5577f4bc485d5bda793bf620237fb9f1e818447da6ba67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...