Lucene search
K

6 matches found

Snyk
Snyk
added 2026/05/11 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-189820 Malicious code in tau-mu-good-beta-kappa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ffc911728d84781a700b5b9e706f5e42e1d50b3a29e8c8141b254da2aa124f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 6:0 p.m.5 views

Malicious code in alexandermartin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 385eb2955cf96e2f3a5a27796c5ab941f038cb9d56b0d77b31045319e243e176 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.2 views

MAL-2025-164175 Malicious code in pilka-lniu-kanukakili (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56857214d67b3876f84e72d99d7c134f33200bf5e20012bb3b739e9b3787af14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 3:48 a.m.3 views

MAL-2025-80661 Malicious code in prepared_gull_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be8e8f5187ea020fdcc51d9621b30262b9ba710059d27fc6048425e9b0869b98 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 12:41 a.m.3 views

MAL-2025-67843 Malicious code in dominant-teal-gerbil (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acb20e1e026cbf8da464926f8fa35f21bac4e7faad179339c8d380d3cce5ffd4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder