190 matches found
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
GHSA-49XC-52MP-CC9J nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Impact Block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps...
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
Malicious code in miranda-lithosphere-xo-alphard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f1eac87038018d949f144f833ce309a39c90f8dff7dca3d342001cc46bd9217 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in try-stub-yaml-query-awk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64d7afc6d4f0fe68228645490da6a101c05503ade1edbaa923ccc4560f7632b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189830 Malicious code in taurus-mutation-izar-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c256602c1f7c8b93be5ed695597c57a40839d4299f5b8b8cbe4a4f17d74ed56c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187956 Malicious code in mdx-zenobia-altair-colors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a4aacf4eaaadb9bc25062197eb2c1c852cdbbeff87ba8577ac4680b6deda5b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189079 Malicious code in rate-limiter-areology-dorado-apex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 531a5a33c302063443322b56d40422675ab57fff80775b6ee7e266f4bb0b7165 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187835 Malicious code in local-astrobiology-magellan-airbnb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a2c2f4a1059031e0a45ea178d7af7eb11800fc2c6f6b0f385b866faf57316f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187869 Malicious code in loopback-magellan-foundation-csrf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f9be3358b5196be685222ab977cbc9e55f402b2b9a88a7ef872d91c7115e53f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tunis-kjt-garfuavimas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c895549602cf17cb69115a0f80babcdc86908a8b6552d8895b933cc9b84b078 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avarag-olubis-aibaubi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a88c6a890311f1793cc139de1e01e3cd39153ab4c0e53ed7984b4f2dc2d78e2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astam-ifut-dinuhsukosuhgoa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e11e92b0f03d4dcc082f434397fc50f6d329cfdec67e769e7a173bc7e3722a55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181625 Malicious code in astam-ifst-diakav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6e72723fd60f6fe8c9b657414bb697e95f4c8bb06fc64acde808f82e1462272 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184687 Malicious code in olobc-uyg-ugohi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fadcb60a3c379bdfee249d3201cdb708b4897971ecc7c4facc47772bdd34a24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-179957 Malicious code in lookingan-nanakila33 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eadeb500d903fef7e1b17c239f28aed63b617b0cfcc9172936e4d50fe2083066 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kapvino-sovni-faravi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4564d1f470c5daee68483e1f3b44389d440c6b9d975d0a52728032bbc1014018 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in poglymer-oggh-ahian (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cab46095de30c4ce245a932866b73351a7341e2685e8803728d34e29c164095 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-kushiya12 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23839a60f08396da07b7ed703cdbfad6c8cd456aa1997b46b8b7f875d0ead384 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...