7 matches found
CVE-2026-50016
A flaw was found in pnpm, a package manager. This vulnerability allows a malicious registry package to include specially crafted dependency aliases that contain path traversal segments. During the installation process, pnpm incorrectly processes these aliases, which can lead to the replacement of...
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-42236 via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-42236 Source advisory: OSV:GHSA-49M9-PGWW-9VQ6...
MAL-2025-177632 Malicious code in polymer-afaj-ratfdaf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4ed485e9c2c410258413bb5edc623ace3ce92ecd543a408c0e21178ef486ef8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in lookingan-namala3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15eea16f6ad91a63b2534420071c2c113cabc16b11b31a138f5eb0d1714d5eff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-127429 Malicious code in intact_impala_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86d42dcde7210aecdaa2cc59df9c5cef75f7ef02c317cb45bfdb386e83b93c17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dian-gado-gado9-remi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fa89b1ea63766c588f96964ff3bb5d8015ed1cb00e2c9bbb0d6b36dbf7267d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-80959 Malicious code in responsible_bovid_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f93337923ddcba647ed0965762c5b66f0c5ab1e4ba3b71f9e70eee986b04eb26 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...