27 matches found
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
MAL-2025-186839 Malicious code in eslint-config-uninstall-mongoose-superflare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4389e7f6cba244996efe78ec18203346fe48ed7af508ed9911925bb724a6fdee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in imugiay-ajvog-dnieamfnupa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deae44bee845e37d2c8efd3cf35cb21e5cd3bb71ddea0baeb54d5a9fd67ee938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176530 Malicious code in nokire-tanjiro41 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c2f4fc93adeb6ce7d8a7fa5fd34355e4eb6e4057ddd8c753eb0b88f1c9c231b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-151005 Malicious code in @miptaa02/wast (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce31525c76fcc2147de87f19fb8d71081764813becdcae501acc7fc51d453b78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tear-grsas-rc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbd2d5aca40a8c2c03c3e973ca8866ed7d144310aea39283f29e3fa7c48a22f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-150189 Malicious code in @mipta1/resaadx (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49b5d5ae0a87d5745759d20eab3132c06e2a7d237b5efbbda50e283bb8842da8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147072 Malicious code in react-bootstrap-publish-concurrently-command (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40ca53b27778645d89b96eb595882242733d814a4cfe82678efc4b8e67b9ab61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-132089 Malicious code in arif-keripik85-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 675ae16308462ebb1968947867d416f77caae9dd59971e97c76fcd90acd78205 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in udin-lapis70-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 044cf9a56849e6dfa8442901970685cfb606914ecc02508c2069ce362713c6f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in wibowo-tahu54-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3df05953d0707db4742b52553de3398aeaa49ad8b604e928d538eec819fc84cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-114530 Malicious code in hanafi-klipo10-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1546aa05a86e9d24a1aaa0eb1e9764ae360448fc1f6bd37ed791dc4794c0989 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sheer_termite_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3be9c601b3c811981c32b261557c2da6383ffcbf053c8a8171eea8f70405d5be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-111290 Malicious code in yelping_parakeet_0xrequest (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d3f02a000ec1351b5b207c4178f2dbae91d1b67e4c53f43b384d8374d2d8c3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-100147 Malicious code in budi-empal12-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac1a456b2fbc6fa4e7a33bada048f7687e5099cf80994b7941be8bcb24c1487c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in interested_dragon_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f70ffdc081248d8e9d19dfebc1d0ed8e11bf1adaf8a6ff5968e7b3ee11a6c8f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fajar-kentang72-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af68c2ed1dfcf9e2be538c4ca822ddda04140c86dc7db6eb23853c1b867b560f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tiny_parakeet_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3354a8a78c7de29ed792503b12a2398996a8c611cec69ad17fe440449de4f5d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tricky_crayfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50a55588e96863eb6d5da2e058129d3c1966b07cc630b50298881ce1d6328049 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-78392 Malicious code in gilang-gandul31-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a1cc38de1c26c6a40bc30ec3c366ab18a1b15c939c3017cde72391d4f571ce8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...