190 matches found
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
GHSA-49XC-52MP-CC9J nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Impact Block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps...
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
MAL-2025-187835 Malicious code in local-astrobiology-magellan-airbnb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a2c2f4a1059031e0a45ea178d7af7eb11800fc2c6f6b0f385b866faf57316f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187956 Malicious code in mdx-zenobia-altair-colors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a4aacf4eaaadb9bc25062197eb2c1c852cdbbeff87ba8577ac4680b6deda5b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189830 Malicious code in taurus-mutation-izar-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c256602c1f7c8b93be5ed695597c57a40839d4299f5b8b8cbe4a4f17d74ed56c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187869 Malicious code in loopback-magellan-foundation-csrf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f9be3358b5196be685222ab977cbc9e55f402b2b9a88a7ef872d91c7115e53f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189079 Malicious code in rate-limiter-areology-dorado-apex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 531a5a33c302063443322b56d40422675ab57fff80775b6ee7e266f4bb0b7165 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in miranda-lithosphere-xo-alphard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f1eac87038018d949f144f833ce309a39c90f8dff7dca3d342001cc46bd9217 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in try-stub-yaml-query-awk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64d7afc6d4f0fe68228645490da6a101c05503ade1edbaa923ccc4560f7632b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in avarag-olubis-aibaubi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a88c6a890311f1793cc139de1e01e3cd39153ab4c0e53ed7984b4f2dc2d78e2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astam-ifut-dinuhsukosuhgoa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e11e92b0f03d4dcc082f434397fc50f6d329cfdec67e769e7a173bc7e3722a55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tunis-kjt-garfuavimas (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c895549602cf17cb69115a0f80babcdc86908a8b6552d8895b933cc9b84b078 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184687 Malicious code in olobc-uyg-ugohi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fadcb60a3c379bdfee249d3201cdb708b4897971ecc7c4facc47772bdd34a24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181625 Malicious code in astam-ifst-diakav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6e72723fd60f6fe8c9b657414bb697e95f4c8bb06fc64acde808f82e1462272 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-179957 Malicious code in lookingan-nanakila33 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eadeb500d903fef7e1b17c239f28aed63b617b0cfcc9172936e4d50fe2083066 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kapvino-sovni-faravi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4564d1f470c5daee68483e1f3b44389d440c6b9d975d0a52728032bbc1014018 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176282 Malicious code in namada-kangasa0-nuvayat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a61a311cee20b2e147cd7b4332c4891ace890aa63cc81516a9dad4ca9cd4da35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-177099 Malicious code in nuyar-adudar-baidaya (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60b14c42c5c025f0a90e4a441ceb8be3cdb4202ba6e5fdd6d871e96dedd9a6dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...