1315 matches found
MAL-2025-166825 Malicious code in teagood-cuekin58 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6be57b1fe9eff229d23f0716fd00dca397bca4d38e39b4911663eca0b7ee810 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-158346 Malicious code in lookingan-konami81 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36129a4362f716737e5fbe02c3673096289c257168fd4aa24c05bd8baf743d09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in keyla-poke38 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 966dad035e3afeef64989da370f2982764711d9a040a6c5fb6cf02fc553d960c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nabila-poke100 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59c0d8313f5eed921302657b7f1776aeec4b30bbb64f760ac5d6f5b9581d2992 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teagood-yakuna61 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21f82ec7b11813941d86bbbe32cc227cbf0690ea2db6cba5c5c9fff097d0bf4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nudela-rae-naha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a0f5136a49dbbbbebd8df3e0057e7ba94cc1ffd95e64c583e1d9d2d337cc6fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-155640 Malicious code in hafiz-poke34 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4aae805180cbe28341f6cf24d16ef88f09e5a404725f9bcadd3417401e21ddf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in uinsu-technls-portalsia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36140ebebba6792be626aee421f62ce243248161991f9cce3889181f1eb2e929 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dajouka-ds-tac (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1db1c13ca806fc4dbf787d2878ab7a74366663c9635732c3c0a33ee6341b8090 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-151810 Malicious code in aiboa-mioliupe-auagasiatia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a9143ffb1b6f2992cb4d2146c4cdf394072fe501f7d91a50810afe3cceb4e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in javascript-dotenv-quasar-spica (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 996a3dae89f9b7e3bb0b73ff7640c83fb95b29c9f700d3dfa3ecbecaa30be33a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-141758 Malicious code in dotenv-safe-lint-standard-stream (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f96ce93bc5896847055a774b8ee4747daf6ed0538e96b9ffb3a4bcc8c1f03366 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-146780 Malicious code in publish-concurrently-gacrux-sirius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2cfe0c3e58ae6358bb280c4b65e3b0a5ad1a578037814733f4f7581aa92c89c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in exec-markdown-pdf-lyra-postgres (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ba57287ed1f74c1a4a3b805756b3c4022fb5695ff5ffedbc4695321e339df30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in phoebe-rimraf-transport-gravity (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d320839b4d250dc51a6c8d4afcf02325f2d067157ca501e732ebea5362aa8ce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in docusaurus-sync-aurora-aquarius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de322dc14cbf09d6210fe4f1063f229a8881ac8ba3a9ed3a70a31dd85cc166d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in yakutsk-dactyl-ini-astro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf395e7b3693a939d7ad32c6e4cc5ae06e04fa347b15775871942a5e6c28d16d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-149463 Malicious code in wezen-mira-pm2-fusion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48dfb675efc87f46b8c1732d0a186062453d40de5752664af00e8082b7ca5d40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144621 Malicious code in magellan-alphard-cygnus-sirius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb03d334d5fb3fded9247c374d838c01faefeb9b836133ef2f495a0c002fda2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-43205
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR...