Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Snyk
Snykadded 2026/05/18 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snykadded 2026/05/11 9:0 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/05/11 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.01601EPSS
Exploits3References2
OSV
OSVadded 2025/11/12 7:18 p.m.2 views

MAL-2025-176768 Malicious code in nuilva-daerde-oagfafalif (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16473925091256af5c05ec9e2288cb0f885b49a61edce54016972efa0929a678 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSVadded 2025/11/12 4:47 p.m.2 views

MAL-2025-153025 Malicious code in aviah-afiaga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9011ec86967ec7365a38995cbcc18feed364f0cb7720ab937e3904bf84d1cac7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSVadded 2025/11/11 8:11 p.m.3 views

MAL-2025-124508 Malicious code in yanti-sroto84-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dae9824f134233ad4a098eb06f75117410d929c0e9e643ad7786af3df49ddaa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSVadded 2025/11/10 6:2 p.m.3 views

MAL-2025-60716 Malicious code in irrelevant_harrier_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c748cb9f22fa33a3217285b2ac6568ca9a0c7f007712ff8785d3735e1b070bb4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/11/10 4:40 a.m.3 views

Malicious code in joko-bakso74-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d5dfc5b082b5edcbc23fa10b03f0e49d8168f3114492b80e4ab126cc6a7b215 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder