71 matches found
CVE-2026-29051
This CVE affects melange, where the lint/build workflow (enabled by --persist-lint-results) constructs output paths by joining --out-dir with arch and pkgname read from the APK’s .PKGINFO. Versions 0.32.0 through 0.43.3 are vulnerable; 0.43.4 fixes the issue by validating arch/pkgname against ..,...
MAL-2025-188484 Malicious code in oscillation-leda-warp-framework (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4034a7c18a9c9766f734ef16d4eadac9e3d3574d8910068cacc02e37e741318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-171893 Malicious code in sophiacampbell (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4d4af2b2e8cc5335a59b0ddd93ed75655ed614f5759d9d4b1ed3beeabf744ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mattu-muoape-butada (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8ff918874811cbc1f3e83456425eb822ade2e8825c098a0ea3133bc416fd6cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156869 Malicious code in iqbal-poke60 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adf4fe6ec74a97c3154bee67783e2847b7ff477449ce498b4ea60d7f1a100375 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sabuvauakli-nalaui-lubisya (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab7c69fae7886cc446e6c8900449c0f6315c3b4e1bf105b802a2cb8208cf58db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tealove-nokire25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc3d35484940a9a9bdb6a23ec248fbf9539619e6a3de5f62e0ac8cabafbeb479 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in version-iota-deneb-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b339f0fa5e97e5fa737e9c1473c0476739056c2201bb00ed06a6ac219603328a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-140688 Malicious code in changelog-typeorm-ursa-europa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbbaeeabd6ac963216968ece8cff8b5e1740bff68ee18b990b5ac749e299434e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in royal-turquoise-crocodile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6807c8de7271a95357be7c721520fca20952d774e11852cccd1a10c20c13f9d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vida-lontong55-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9069054248b5bf0ac6af3dfa3675d332b209301e7ea0d8548b16fbe5dac151a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in putra-rangginang54-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9895145fa78640bc9ec2a8074cd964a3f0a4332d43943ce166761c265c460c31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fauzi-mangga37-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77997fd7e83fe8dfe554d8d6dd68c021b9bfba6539dd090e0ad455f4ec5366bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-119394 Malicious code in dewanto-empal22-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9788aaac6d32511fdea53b9338070129d98f2af73d304e374faa111820d2dfc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in passive_jellyfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f64b81908fad2dc484b8834396e3c063b538814a4fa86cdc26cb339d74066847 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-108230 Malicious code in rubber_hummingbird-silentdev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b020eb8d0af2775ea48b8de006f268535de12d86a8a3a55c5744e908050f33d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-109809 Malicious code in traditional_swift-appteadev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bc0e06ad23cc1ad9739bd94eb14ab82338a9217baa5aa03ff942e57054932fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in deep_limpet_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edf78099f502ce793bf8c5569add60cd7ff734c41b1ec0f818212e340f908328 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-101821 Malicious code in dutch_starfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94ca8a942df06b9afa82c3f1f74dbf356f50838a72af37cecce72f654f73a9ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-100569 Malicious code in civilian_impala_0xrequest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8da8ddd9e28ffbbff074ff21ec080417711f94986383c221cf273344c8ab9a5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...