1738 matches found
Malicious code in eugene-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 535e75b7366b5df20db6b738d9e76bf0460d42914259468fb8d28c449da59d2e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-100144 Malicious code in buckley-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4f8e3630214a2f60b867478a5eaf2cff0534773e8d1ddfdbdd8ee64d8780b93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-107807 Malicious code in reginald-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0190c6bef403b79452ddcb23e3420f8f97b434c7075b127ccd5da27c2861bea1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-104845 Malicious code in kory-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7c3c03e2021a2370261f9859262150cb03e21588d7586234d0851db89eca895 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-99943 Malicious code in bernadine-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a343b8a6f7ac6d118793d447ffbe85de2c7b57ef6afc23f9c30a44c32a309c5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105288 Malicious code in liza-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab78b40fbbb84680fcd8f891474e0b9076a907f2db2873ba69c81a0703839b32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105381 Malicious code in lucero-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 504f84d1e97b34d43dd0a9ed513ce5c8454abde1066431965ce33b321ad4609d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-109062 Malicious code in stacey-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0898173c7756e700fc17bcad1fbe5f08c56712ad76ed3c79bcc449553f7253c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-100069 Malicious code in boyle-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfc67fd48d5534887ceb9f49a56f0e72f11e6df2ad8c201f4dce6d163d89a5e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-99486 Malicious code in anthony-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f21c6e8738a22ddbbc93a330eea082e5d007eeef170a121470efaee78d21f4fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-110649 Malicious code in waldo-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ba587d457551237e7ba3d7fb5f5e2642cd0b38d50acd43c1787e089dc8a62f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-101344 Malicious code in dennis-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5368cd9c3fcbd600a396888bde5eb5ce94ce6a2bdf51f4829b94cb701441e04e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105320 Malicious code in lonny-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1666a1dc9802d39cfb57705827af09f01d85f825ce6b3a71c212c75eccb8556c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-105967 Malicious code in mooney-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f30af66d18545ef8be075b3600519826353e00aacf02270aea5dc21cbc13e24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-103709 Malicious code in hicks-validator-catalyst (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbf18ec8a00e5e7fd788ae4ce79aeeeb94d3e519dc00067043b7505f1cbd393f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-64518
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the validation process, which uses an XML Validator that is not configured securely. An attacker can access sensitive information from internal files or external resources by submitting specially crafted XM...
CycloneDX Core Code Issue Vulnerability
CycloneDX Core is a CycloneDX BOM Standard open source aid for creating SBOM applications. A code issue vulnerability exists in CycloneDX Core versions prior to 11.0.1 that stems from an unsecured configuration of the XML Validator, which could lead to an XML external entity injection attack...
PT-2025-46213
Name of the Vulnerable Software and Affected Versions: CycloneDX versions 2.1.0 through 11.0.1. Description: The CycloneDX core module, used for creating, validating, and parsing SBOMs, contains a flaw due to an insecurely configured XML Validator. This allows for XML External Entity (XXE) injection...
Incomplete Filtering of One or More Instances of Special Elements
Overview: org.webjars.npm:validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function, which does not take into account Unicode variation selectors \uFE0F...