Longitudinal Analyses of SAST Tools: A CodeQL Case Study
Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time. In this paper, we introduce a novel method to evaluate stat...
CVE-2025-64753
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
Malicious code in tardigrade-mini-css-extract-plugin-nightwatch-blueshift (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eccd2dbe37050ec44770db072262af063d90c8cbb1f901cc4ab7337d91745c94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in helmet-pegasus-non-blocking-phoebe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14468cf08644b774f382415ed7ea9da2eca47006b532d6e5389e4ad5a9f45130 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in transform-robotics-filament-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65dfde16dd768ac14d658dcc5d9aefd9d6e5e79e6df9a61fe8202c0c895d6480 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tree-function-kappa-decrypt-assert (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cacb380e1ce93ad7d45f252a5f9858b2a29a47775e53ec4c03d4779cadce49d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in table-old-sun-await-decode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fff252c7519516e755af569d60b67bb3cbe754fc47400f464b2f0a3628ac9d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in spawn-webpack-nightwatch-slides (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 318806806d481ef740dd17c622bc164b94a295e29a9282fc7c00d3951dfeaee0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rate-limiter-chalk-miranda-cassini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97dbf12820a23efa6071dd559b66e1fce9c4821a398877a4c63e432d20b01f2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in commitizen-eclipse-sadr-chariklo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 003be40b652756a8eba0205c1a4a61f63cfc4136def4cf7aa389bed75aa2f8fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in darkmatter-exosphere-exoplanetology-yakutsk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66fd91944b979138e05bf2487dcd84925f2788baa8346eb2c5452959746d963a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in development-kinetic-mocha-equinox (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96160b948656b764d9430295e2b31751c70cbd633bb727db7d40e6ab62af00a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in betelgeuse-backend-primatology-query (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c5995d6d5645041f7e7ee5a9952e52c2b3df30f72996e6c50b6cc3211a8f910 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in helios-cressida-biogeochemistry-halley (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0768619dd13d60c867707b16965714e491fc15a027c1e3dec26fee22674eabd1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in convict-writable-webpack-cosmogenic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97564ab9fc4db43f4230b9d93ccc412d62ff1b73b25e6ee7eeca8c3f4298df7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dagda-pulsar-redshift-remark (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01eb7e5dee33aa92aeb7c166125c8a2a537b2b75814637049b7ce936ca515d24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in easy-parse-async-xi-analyze (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dd6435fb32b846e888bf4ec073cb1121ac3787e29184213f76f831bbf3095c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astrochemistry-ionosphere-gravitationalwave-joviology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2119ba76eecde671765855d9947d057698ac00abf631f90c033888f31387b6bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zero-warn-char-class-visualize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0376845ad9063bf0f2b9376d50533a063b2619fb2337449648758d04568b0433 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in xo-koa-metalsmith-perseus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bc93d08c628e258a21edbc1a71b39f0d152d7a6764acf3855fe0a3c44f76f60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...