Lucene search
K

1910 matches found

Snyk
Snyk
added 2026/01/26 9:29 p.m.2 views

Directory Traversal

Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Directory Traversal via the getBinsFromPackageManifest function. An attacker can modify file permissions outside the intended directory by supplying a crafted value in the...

7CVSS6.3AI score0.00244EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in centauri-xenobiology-prompts-foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1465d9ba39cc1b669215a53dc40fea20e44322f438f590b0c84e02c9abeab89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in xenos-xanthus-celeste-react-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e905ee031b2c4ef7912618f1d64a99f35e6da479055f1504c5b29a0adaac500 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in ophiuchus-polaris-mineralogy-proteomics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6990907cf478a6777456e1509b1e4616038bb303ecad91eb09e0643fa34aef14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in protractor-biotechnology-hercules-relay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 163a7ced86ddfa55ba2c67f667dc44c1bac1fdaddd5dc437b94c8877eeed6e8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.9 views

Malicious code in greatfilter-lithosphere-isostasy-rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f7d248bef693a8fe521be2c4a3d53ecdbed962532c5d5fdff3115cdb68648d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in update-meteor-jupiter-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a6356d84e2bdfa2e9952503f7bfa22d9940fbccd3d5d7e5296766420d0ce81b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in resolvers-kinetic-eventhoriz-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10aa06e998c3d788fa72d46ef212a5ae000339d3d9b287dfddbbd99d288cc440 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in rollup-plugin-html-webpack-plugin-cordelia-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2554973e6e1d34edad7b0276e63e4eb111a0a6bf2f4ddf64775f7090d414bc24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in release-it-materialize-quasarjet-perturbation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 035050b3353edebeccd5d0176758cd056d40864422a03aac5416c61490399142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in hot-float-moon-unix-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc7cfe0783332584e55e88a0d036771aba6155e5b13fad52b4a4dbaf2311663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in capella-yaml-innercore-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 372f99cb9ed94cef8bc325e39ea217a894b8578a523b5ea09806bdeb8df4ca2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.2 views

Malicious code in lint-staged-superagent-eridanus-bionics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 066dc6b85c08093514728ad74577e54a20edffbcf7d838638c2e8ccbdc1dfd28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in proteomics-terraforming-exosphere-supernova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08be7f7bd82ea7f6548ae9fb6c2fa590b0f954694b20efc97d5b88d35e932d16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in troposphere-comet-changelog-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b74ff548784ce3a86f53316b5de4200f29c883e33f658fd92f1e8e6322c765f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in eclipse-ursa-element-ui-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60b2f32fc1e6c1adb25c4d848fbe498ef1b40cff343779a68a89fa75d88f08b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in lint-staged-lint-staged-auth-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03253bd76fedc24d55504b970d032ee47ad508a341ba8a5531490b0b9ae15ee3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.7 views

MAL-2025-188331 Malicious code in nodemon-css-loader-husky-parcel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef0c6f6980a8e239fba86b499d7e58efed539940a9b4a001da5150da2f24d7b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.2 views

MAL-2025-188824 Malicious code in private-cluster-draco-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d55b2c6488f879be03519756749da7f5fc5c54c6733164935e0c5d7f8304675a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-188667 Malicious code in phoebe-betelgeuse-sadr-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d981dd2f34c2bbb86c7ac516f54988b4077402f3ce86235f4cab5210ee90865d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder