1910 matches found
Directory Traversal
Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Directory Traversal via the getBinsFromPackageManifest function. An attacker can modify file permissions outside the intended directory by supplying a crafted value in the...
Malicious code in centauri-xenobiology-prompts-foundation (npm)
Source: amazon-inspector a1465d9ba39cc1b669215a53dc40fea20e44322f438f590b0c84e02c9abeab89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xenos-xanthus-celeste-react-bootstrap (npm)
Source: amazon-inspector 1e905ee031b2c4ef7912618f1d64a99f35e6da479055f1504c5b29a0adaac500 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ophiuchus-polaris-mineralogy-proteomics (npm)
Source: amazon-inspector 6990907cf478a6777456e1509b1e4616038bb303ecad91eb09e0643fa34aef14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in protractor-biotechnology-hercules-relay (npm)
Source: amazon-inspector 163a7ced86ddfa55ba2c67f667dc44c1bac1fdaddd5dc437b94c8877eeed6e8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in greatfilter-lithosphere-isostasy-rocket (npm)
Source: amazon-inspector 46f7d248bef693a8fe521be2c4a3d53ecdbed962532c5d5fdff3115cdb68648d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in update-meteor-jupiter-kaus (npm)
Source: amazon-inspector 4a6356d84e2bdfa2e9952503f7bfa22d9940fbccd3d5d7e5296766420d0ce81b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in resolvers-kinetic-eventhoriz-webpack (npm)
Source: amazon-inspector 10aa06e998c3d788fa72d46ef212a5ae000339d3d9b287dfddbbd99d288cc440 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rollup-plugin-html-webpack-plugin-cordelia-rollup (npm)
Source: amazon-inspector 2554973e6e1d34edad7b0276e63e4eb111a0a6bf2f4ddf64775f7090d414bc24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in release-it-materialize-quasarjet-perturbation (npm)
Source: amazon-inspector 035050b3353edebeccd5d0176758cd056d40864422a03aac5416c61490399142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hot-float-moon-unix-fork (npm)
Source: amazon-inspector bbc7cfe0783332584e55e88a0d036771aba6155e5b13fad52b4a4dbaf2311663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in capella-yaml-innercore-hermes (npm)
Source: amazon-inspector 372f99cb9ed94cef8bc325e39ea217a894b8578a523b5ea09806bdeb8df4ca2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lint-staged-superagent-eridanus-bionics (npm)
Source: amazon-inspector 066dc6b85c08093514728ad74577e54a20edffbcf7d838638c2e8ccbdc1dfd28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in proteomics-terraforming-exosphere-supernova (npm)
Source: amazon-inspector 08be7f7bd82ea7f6548ae9fb6c2fa590b0f954694b20efc97d5b88d35e932d16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in troposphere-comet-changelog-html-webpack-plugin (npm)
Source: amazon-inspector 1b74ff548784ce3a86f53316b5de4200f29c883e33f658fd92f1e8e6322c765f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eclipse-ursa-element-ui-middleware (npm)
Source: amazon-inspector 60b2f32fc1e6c1adb25c4d848fbe498ef1b40cff343779a68a89fa75d88f08b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lint-staged-lint-staged-auth-terser-webpack-plugin (npm)
Source: amazon-inspector 03253bd76fedc24d55504b970d032ee47ad508a341ba8a5531490b0b9ae15ee3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188331 Malicious code in nodemon-css-loader-husky-parcel (npm)
Source: amazon-inspector ef0c6f6980a8e239fba86b499d7e58efed539940a9b4a001da5150da2f24d7b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188824 Malicious code in private-cluster-draco-mysql (npm)
Source: amazon-inspector d55b2c6488f879be03519756749da7f5fc5c54c6733164935e0c5d7f8304675a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188667 Malicious code in phoebe-betelgeuse-sadr-miranda (npm)
Source: amazon-inspector d981dd2f34c2bbb86c7ac516f54988b4077402f3ce86235f4cab5210ee90865d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...