MAL-2026-4624 Malicious code in nw-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3ff057a42800ad78024ac1c48e0d6fbf9c828eb828a41e6737c32b6174ce8c Package is published publicly on npm at version 100.20.33 — a version-number shape used in dependency-confusion attacks to outrank private internal...

EUVD-2025-176937

Malicious code in public-gacrux-jsonp-sirius npm...

EUVD-2025-176720

Malicious code in relay-halley-ophiuchus-public npm...

EUVD-2025-176473

Malicious code in sed-route-encrypt-refactor-public npm...

EUVD-2025-178872

Malicious code in forever-cypress-public-package npm...

EUVD-2025-114863

Malicious code in cressida-subscription-heka-public npm...

EUVD-2025-123158

Malicious code in public-oberon-tailwindcss-grus npm...

EUVD-2025-123159

Malicious code in public-npm-leda-prettier-plugin-markdown npm...

EUVD-2025-122604

Malicious code in resolvers-bellatrix-jsonp-public npm...

EUVD-2025-112013

Malicious code in karma-deneb-eslint-plugin-public npm...

MAL-2025-142310 Malicious code in event-duplex-node-config-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91782b6d72afe4d207bd69bcfab8387ad5e5b1f67818488fa1c67774655d9e1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yuni-pecel86-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd18e65bb635c4e74729b1159a0941995a109697821755174ab191d69bf3fca9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

MAL-2025-46247 Malicious code in technocracy-antares-polaris-public (npm)

The package technocracy-antares-polaris-public was found to contain malicious code...

Malicious code in cluster-lightyear-grus-public (npm)

The package cluster-lightyear-grus-public was found to contain malicious code...

Malicious code in luminescence-accretion-thuban-public (npm)

The package luminescence-accretion-thuban-public was found to contain malicious code...

MAL-2025-3383 Malicious code in chii-public (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-23054

An issue in Plone Docker Official Image 5.2.13 5221 open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index npm...

Remote code execution

An issue in Plone Docker Official Image 5.2.13 5221 open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index npm...

CVE-2024-23054

An issue in Plone Docker Official Image 5.2.13 5221 open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index npm...