CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

MAL-2025-144924 Malicious code in meteor-postcss-galaxy-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5baa599df8327e1b0ad8e16250d1ace51cc18e05fdcea42dc67da326bfb9383c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSV•added 2025/11/12 4:29 a.m.•2 views

MAL-2025-139650 Malicious code in atlas-neptune-postcss-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3642a23ed879e58d8e6a28ce1fe2b4842279d353ee9f22be6c766e7a10de4b67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143082 Malicious code in grus-avior-sirius-postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea92913ca746cb08deba1e9521afb260165ec52b0ff7c0cbbe937855ba8986ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146380 Malicious code in postcss-await-janus-triton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24f95e8dca9374bd68093ca7b66d2bc1f9fe8b85ed4d42fe457323a52534de0b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145136 Malicious code in mongodb-postcss-loader-async-scorpius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9142e08ed13db0529b9ced6d0dc369bd6d77a6c48aa9ab1c6409a1b485c8b2d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143999 Malicious code in jsonp-jwt-avior-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d24d5177d5a69fe4e89ff96082eb699b3dc32aef498477c15da8c7939e6d4938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143522 Malicious code in ignite-pm2-postcss-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8095a9cb35cc211097688e59741a37304773dc1f5130ed8ae6a8a9f8eddfcb5e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149262 Malicious code in warp-build-postcss-loader-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dad8ad4499914a024c628b190c40ae7f1c43abb2220d0b3cc416b5b887452f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146382 Malicious code in postcss-chalk-cassini-hugo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cd5f2d5d3d3bf33c23a3ca41571ccc6d77668f774fa2b3c8985024b5ed6051f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141304 Malicious code in css-loader-gridsome-postcss-loader-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b76708fe5d0a2195e1d55421d5eb35a7bfcffe8ce7ea160c4bdd464e0fe4702b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146420 Malicious code in postcss-protractor-karma-configstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d16675a33058376a90e011bd1d015a37a8d8b845bea120f47975b1d70153514a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146414 Malicious code in postcss-loader-winston-transport-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ee82fc5bbb44b457adbfa013a4a759e5e0903d4a9c8be123b2c3e8ea262532 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146410 Malicious code in postcss-loader-slidev-gulp-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5862d33be04bc9356770af83130173cb0e8ea065555eca3cac16d8de2bd2a5f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146400 Malicious code in postcss-loader-mini-css-extract-plugin-development-heka (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06bf6d7f07b3ed2d9691b5bcc6b10f80b6a8691b343b4cc3ba50758e2edf9632 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145422 Malicious code in nextjs-postcss-galaxy-triton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5546276d3b6710db29e003e3d35096e0f4ec408654685b966043b94a6f2e55fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146416 Malicious code in postcss-magellan-ursa-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fce8458ed2741ec54d9c40e4518395ab915bd46356a551b9e18b8511ef6e3f8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...