70 matches found
CVE-2026-23940
Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of...
MAL-2025-187269 Malicious code in halley-pm2-semantic-ui-commitlint-config-angular (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 207baa0abd8ece63fe60c3b6ed72245a1fbd0ab7acbb419f0f280f5e15470fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in imugay-avg-ijimaumfaagf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d05585775081be3865ed78608802ecda2707f34afac2a9bdad1c236dae06889b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kisut-dfg-diwfzcfecdcb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c6bf951cd0f38cbfc386e36adc18750ce5a8655034cd54a99e0c2cd60fc01ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in irfan-poke23 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c525902ab84ec722686e638cd7ee99e826076d2caa6bdcb2b15aacdf7c5ba339 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in eclipseobserver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8141fdfe488ff11c55511483d8fbd0d49ffb94e1e6570379cf410f4ebfdffc49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in @miptaa02/irisy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3c20b92127f30d3e1db3b2c2a6cd4a4b3f5c541fe38b379535f1f57eb5613f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kapai-safoag0maa-agada (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b666e8209be2c52892d789f220cc28575c83a9c3c0e91455ecc2e7b2cb011b3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sanctum-cookik-raimu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1c13e7a3649769826894e42c234435e476bb134c33d36be73a2cf69544e1c40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fadila-poke112 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5b0f6e6b541e5e82c51909928caef30310b206438c7b01afc5fd2b69e057f1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in verify-aysali-aais (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06480252208531d5b7f15cc0c57eace0249b28661dacd00da2bdb2180dbc12a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in verify-aya-auil (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbd7d74641ffa7260182cbcb9386f31611c4859cfe496916ed98ed0b117971f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-lokcek9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ab9432c4ac98d57f8c08edcf7f802ea599fe5d019add52336dd3ea506291b05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in namada-kasito-nutro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 469707a92f7f1415f2443981bbca6e84654c69b89ffd5a5ca48f53879bf235e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-169380 Malicious code in tusaaya-redd-wfesaq (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6af5877c8e68bbf41e7ec47cb8ddd7a1d10ceff55e1f228fe7e33d3b2d94ace8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-156685 Malicious code in inufgi-gotmafa-anamufozai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2962dcf3fce32051f68d174c4ae17c790ac440921b2c146af58815b9b7a8cfb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153222 Malicious code in avminah-fagnias-ifiaag (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78173394d8d823db7b2e072da1a1bb6668861fca40969213264bb97eeb026847 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139650 Malicious code in atlas-neptune-postcss-private (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3642a23ed879e58d8e6a28ce1fe2b4842279d353ee9f22be6c766e7a10de4b67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-123138
Malicious code in publish-ganymede-magellan-dione npm...
Malicious code in transform-helios-jekyll-spawn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc021b0668f909b84b57151c40a8fc0e71fcdfb248bc540f7fffd18a761d5f27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...