8 matches found
MAL-2025-185875 Malicious code in book-web-deploy-object-byte (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e707ee8e6a7b157de7f049f46c37a2f9de5d01555279c9b19fe13e51bff46327 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125432 Malicious code in cindy-klipo49-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03bb811368f2542c8b7d04f30d21eb189fff30263cd70f3ebfab570ca1c350cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-129426 Malicious code in profitable_pinniped_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 179d7a17efe8c420532d827e578e246c36baf5f9788bd5690732ec411ec79033 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-120669 Malicious code in ida-kue50-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b73ec09eb2fd6ba4be72732d04fe9dd4d3b2cd558617fb104018b87716921ac8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-112584 Malicious code in agus-bubur75-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66190bd7c62fe7111d49364dc2a76c206678cfc9b565cc1cf1761f9bbccc2b2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-86035 Malicious code in gita-ronde94-wekto (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b8426f902ca8938b6c249a0962acbc6fe692ac02567667d44303b08cb453a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in perfect-scarlet-earthworm (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5ef5d538884a5142d698d907a16cf12aaead038846c4f4fc07b106c341cad89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...