44 matches found
Malicious code in soundsource (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3285c5fec24c01c9c463e85c199934f5a08da7e94277583430a6e3feb274add The package's source distribution contains Token.txt at the tarball root holding a live PyPI API token prefix pypi-AgEIcHlwaS5vcmc.... Anyone who...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
UBUNTU-CVE-2026-33249
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...
Malicious code in lookingan-jaja94 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a10b2a6763358bdc1a717233c4946b60636391f46d85fe079c724b038ec880e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-163748 Malicious code in nudela-aoaf-gafi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2375b1bb3d9faedd7c71b43ad14884503a29cdd83037c4290f2cf5d262e33ef6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-159619 Malicious code in manda-23 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1af83be92a4d78539a7b8b449ac1e8611de2926a3f0bc712b25a06a749ca5054 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-164739 Malicious code in rino-poke89 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac52e925efc3417f90dce7f480a75cd1136bf682f6042813904c84ffdf810f0f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in technical-albiko-tin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 608cc5a9f05227bfff30cbd34afd9d80737d1a499c286aa882615ee8ac0d0546 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in guras-asia-v (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be45faebf774d4bc77174806ed291f085e894027e5145addc89728ddac5c45f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153593 Malicious code in avomainah-fridaatqft-fafugofada (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcde065a342e2367047931c74199831f3ddc5924f9cbedd96ef80f7e168d8805 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in inufgi-gotumafa-anuaz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6beac3d4076c944f1b372ed18a4188313cc2f96c04f6fe693ba3f202a284f757 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teagood-yakuna21 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68f90e343136c8c6b63d37a6d090d227546a91993c6482f9c522bcccf47ffbad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in uinsu-lisa-amaaba (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1bf07d4add7903934483d4a865a7e4925b03388d4dece67d85d7a6cb75e2e2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-141314 Malicious code in css-loader-relay-element-ui-gulp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3a2b6b8eb1dcee62835621683bfa4bac6dc855bdb77725f0cb058fccaf4ced This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-138933 Malicious code in personal-jade-parrotfish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f77fd24d5d04814d0339e97be48906769d7751a0cd15f4eef9bac8dbc69c672c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in putra-rangi41-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14b3c35b223b723581bab41b9dcfe1dbb7b1362065be2f1f1e3adf0899a8da8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nana-brongkos25-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00ca921c0ed3b124a7ad326f458771d784989558f40ffbf51fd95a78ab7a9988 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in budi-kue32-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0342b69e3eefbf6145c6d115c8368c23180abda1f8955b3ad2b7721b801e3b9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in shy_aphid_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b76dd775c7f94dac1cd8136fc533d61494c5e9177d12fb151a0af503794b700 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-130059 Malicious code in sari-soto38-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1594a7725b6df2cc1298bbba838d84c619ef52b61884e13682e7386aa8a238c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...