EUVD-2025-83750

Malicious code in validmarmotz3n npm...

EUVD-2025-71303

Malicious code in validhedgehogz3n npm...

Malicious code in valid_dolphin_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6332d566e9029a7f9020466893a5e21faaca6af3dee5f22cb8d8bf914848192e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in valid-salmon-leech (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56acc6830d2b06cc8ab4af0b5eb9c813d71b32658c54285d1cf808658749b9c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-51256

Malicious code in valid-salmon-leech npm...

EUVD-2025-51255

Malicious code in valid-turquoise-emu npm...

Malicious code in valid_marmoset_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e5f081f955afbfc8de5f7523bdd2c328def4f198b4e46426ee2f5f63d0dd6b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-49107

Malicious code in validmarmosetz3n npm...

EUVD-2025-44759

Malicious code in validsilkwormz3n npm...

EUVD-2025-44760

Malicious code in validroosterz3n npm...

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

Malicious Package

Overview aes-valid-ipherv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-37871

Malicious code in aes-valid-ipherv npm...

Malicious code in aes-valid-ipherv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f22d763f4c915454a17152533dbf628f16eef45bf66f27ecf13414baa94002c The package aes-valid-ipherv was found to contain malicious code. Source: ghsa-malware 22297960d5b9fc9c09290fc460a632ff653b9b660089fa10ffff05c2efc053...

MAL-2025-49356 Malicious code in aes-valid-ipherv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f22d763f4c915454a17152533dbf628f16eef45bf66f27ecf13414baa94002c The package aes-valid-ipherv was found to contain malicious code. Source: ghsa-malware 22297960d5b9fc9c09290fc460a632ff653b9b660089fa10ffff05c2efc053...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989685)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989685 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fsbugon in decvalidnodecount As Yanming reported in bugzilla:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989842)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989842 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasdprofilestart the amount of...

Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115

The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already have valid user credentials username and...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989647 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on totaldatablocks As Yanming reported in bugzilla:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990322)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990322 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfnsectionvalid Commit 5ec8e8ea8b77 mm/sparsemem: fix race in...