9 matches found
Hexpm 安全漏洞
Hexpm is a web page and interface developed by Hex OpenSource. Hexpm has a security vulnerability that stems from uncontrolled resource consumption. This can lead to exhaustion of memory when publishing very large software packages, thereby causing a denial-of-service attack...
MAL-2025-171126 Malicious code in eclipseenvoy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc2bc6bd55809cf399dd5bfc9e023e77a8e0707824cf45fc68d301932fbb780 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in luna-alphard-carpo-kastra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 858b404a04654b7bacd6671b13d22b9deb8727e4348c2613d154f23d814bdd2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-147669 Malicious code in sass-loader-gravity-draco-miranda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d0d8a65fc724223d4447a7e5edeb4e86f4caf1d3c491101f9560c8b5752539d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-122638 Malicious code in putra-telurtahu46-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ab126660365d767e5ec5f346bb2a56b9c9bf5eccdfa80fc7e00543f265835b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-64695 Malicious code in okta-tempe64-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a09e72c1599c2c181e8de6e8dba78c257e067f06f1a2db2f4b5699f89e61c524 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bayu-keraktelor97-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08f0cc6fe2aec2ca0ee7847f79ff807cc4afbc80e5302de3ec7643fbe3f25048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-50725 Malicious code in wibowo-tek50-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 616004f9edfa22b912925dd78384fa7c1617c000dd7073fff2afa21ef4147830 The package wibowo-tek50-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...
Malicious code in selfmccontrolstudy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx d03dd732353d8a4b704ceabee4dac2c38a0adcb3b1f0dd06041b97a2199dd0fe EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...