5600 matches found
CVE-2026-42574
The CVE-2026-42574 issue affects apko dirFS used to build/publish OCI images. A crafted APK could place a TypeSymlink tar entry whose target points outside the build root, enabling traversal to host paths via subsequent directory creation or write operations within the same or later archive. Root...
CVE-2026-2625 Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...
CVE-2026-2625
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in promise-jovian-cli-nightwatch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce7920e2648fd98b014ba6e5691d3aaa8d488968c54a9a951d7f0f09354f62de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in radioastronomy-mongoose-inquirer-hyperion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b90a3ad43fd3d17f857f0d6f4fe80c069a4b11b70c9356b9193d840d067320 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bad-hash-shell-interpret-compress (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 316f1a952d8d4f9ff2d20791bad79a3bf3fe3f2c8559da46bb62c4d37f47d468 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quick-serialize-small-bash-delta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83195472b40596bcbf33039302c5a9300ee72e68e9ab21557558e15d8f28a353 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in testcafe-miranda-electron-umbriel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6dc56bc034bb1eb4e4b4fd3fc8d7db620ba01d5807f3200c1c40cfe1f26c695 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in config-regulus-auth-ophiuchus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602504708c1fa23065534bfce58fb93eb8c0713426b28a6b5331ac55f1425922 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in server-astrometry-ceres-aether (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9430520de490e8f75068610ccb80db0faea486d1597a97a99d229f28c8b0d831 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nestjs-luna-meteor-despina (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5dc02951e53ebfa9301168eba0b7c56d46b25e61f53253199174afa594b15df8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in areology-atlas-dotenv-safe-greatfilter (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30a274a73b2bf94ea441167c4bdbdd6e5887ef52aa83f8c6509c5c8349835aa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quantum-computing-less-loader-mensa-css-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eefb4c011996c06f58eda7e1840993e823cf3eddca4bdc92a366643fbc9da57c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...