Lucene search
K

35 matches found

Snyk
Snyk
added 2026/05/11 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/11 9:0 p.m.23 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in webdriver-manager-stratosphere-stratigraphy-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0934643185b5cbcc16307cc870692bbaf0a0c6ef0085d73916acdc478aa082fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.2 views

MAL-2025-188922 Malicious code in proxima-uglify-js-biomimicry-quasar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6085fc2c81e721b45c04ee516ad7a516391cda5a680b8a0f5a453e4d561b21c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in meissa-perseus-eslint-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e806cff752234b07a544f7a82097f1f529d1e1a23d1d6276aab2245ee0cc70cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.6 views

Malicious code in butanaih-fafisa-pajifaasi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b0283335051f47c8dc32fdee54680e0d6d2b149992033811820c9c8f199329d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 7:18 p.m.3 views

MAL-2025-177861 Malicious code in polymer-avof-ahao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd96b39fc6ffbf803a105f58fc4e2816b5ea97b3e39ae5e3ef956a9887f19de1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.3 views

MAL-2025-163592 Malicious code in nokire-zabuza97 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7645b667e4727ed5659ce46c9792ee4374c9b2252c0c974c0981a2d891a524f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.2 views

MAL-2025-157717 Malicious code in kuinsu-lki-kopanusnataiabumi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86ab45c651dd82d4a6c351f96e1d013a9a0dcdb7bdfac020e7857e33575c7b08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.3 views

Malicious code in @miptaa02/misra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 214a37ad3ed6000d671e26aef2cf69e01d7dc3f90fe27edc5e7ed1d3e4655524 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.4 views

MAL-2025-152662 Malicious code in andriani-poke5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82a2aa503ccae8d3704baa8cecbcd534bfe496f5c491923142c5eb8c0d624ad0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:29 a.m.4 views

Malicious code in commitizen-concurrently-fomalhaut-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2f42ebaa574e7ee90b1b6d3611a83350c54b9886394a7d37a7ad315af7a0d02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.1 views

MAL-2025-142790 Malicious code in galaxy-karma-restart-wasat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64caec3afd9589b18de53d7cb1fa655578c4d3baa58c69faf1441ec3b4cf0ce2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.2 views

MAL-2025-146289 Malicious code in playwright-yonder-module-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b8a88d8d6c9de0dc9811395ffc27c01a2b4ffde660a8f412ebbeaa8db6930e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.3 views

MAL-2025-148919 Malicious code in umbra-fomalhaut-cypress-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e610ac0879d7d61e6f41f0587dd9f753775a9d82956e80f4a8a486ae1f56d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 10:56 p.m.3 views

Malicious code in lutfi-sasag3-sumpek (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2aca58b6ec9bef74eb8e349d4c4df616bbaa8b1580e7982985f272b9fba0a4d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 10:56 p.m.2 views

MAL-2025-133875 Malicious code in gita-soto95-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a043f344a0f444eafa4d4694f9df5ef0e09389fa8965dd5d86dd52386e322ba1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 10:56 p.m.3 views

Malicious code in gita-tiwul82-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dad2b2d41bb24ccf6bdb533689672298df00b70b8fd03997a0d9b2e0842680cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 10:56 p.m.3 views

Malicious code in gothic_guan_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b29776bbfaed7c4b03464e14a7f5fa53a2b6fda742f65fe0dc5a7e2fca590037 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 10:56 p.m.2 views

MAL-2025-138470 Malicious code in zaki-kupat54-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ae42940136984a28dd563ef6a210642790c7131b9854b486573f98126e43947 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder