Longitudinal Analyses of SAST Tools: A CodeQL Case Study
Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities into code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time. In this paper, we introduce a novel method to evaluate stat...
CVE-2025-64753
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
Malicious code in wind-phi-pi-zeta-virtualize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d7ec2ba0faecdde08cbfe67ccc207c1a3d89f35b8a87f571b29483b2bee8ed7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vortex-auth0-string-holography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4b12f620e4fb06f261bdd80d409124bb22468e54001e0012b822d68da3e2741 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in daemon-function-throw-file-dog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a73e261a4f17a185bcca6a3ab3abc503be436cc2631043966eea2b64c29a97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in helios-cressida-biogeochemistry-halley (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0768619dd13d60c867707b16965714e491fc15a027c1e3dec26fee22674eabd1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kronos-inquirer-promise-dactyl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 061924477c364a15646e4464bbe03fb996300c139bfe1c00cc40eef390aa71a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in darkmatter-build-kuiperbelt-xanthus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93483a80d5db917b2f3fe12b078b1cee95149534d194f3f15649c715de1c34e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in australis-prosthetics-cygnus-xerxes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2c7f44f8a1fc4bee8f9c950dc48f3fe4c5d0ada66b921fdecb7432b24e85745 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in areology-polaris-gatsby-phoebe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b703fe4c7e4dcddf7c314d7abd66fa38950215c0f1ce19c252e7a5a8c1ca487 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in unix-zeta-star-execute-uglify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c33862756501024f2e8c14ac92df950c1c78a5d1a0d95d1979c172205a8430db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in easy-interpret-big-proxy-scale (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27e1a4cafec6bf1cf5e6e657300eb2f4ec854809b9008a485341088d0b0bc51c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in miranda-borealis-nova-dotenv-safe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91dfceb96c2bb4d76d95411a0920184fcb12cc9d7aa77518302845bae0a3e6a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in update-proxima-xenobiology-sqlite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a389c341f2920c0cd511d5980bc1b6da96ec9cd4958b7970e42dd5802fffa3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in virgo-build-equinox-init (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9961e2c6deaa43a8d67fbb4833931e4dc8d80f69499fa9dc63c9ee7d592e7c3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gammarayburst-venus-tectonophysics-colors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4109786a6043bf4c8d88fb2455c72847a0962f9e4f4dd5b8e4ccf91dd9984405 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in corvus-darkmatter-titan-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ee347a8414e37c2db0dd852e5fcce8e90db1d785146cb6c111173d9d2a5b048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in meta-load-thread-grep-decompress (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 109caf8ad26be27a56c9b5d71584ee315b90d7198b132c76436f93ddeb1a2f10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in web-yaml-analyze-finally-short (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2808c21bacd5df0f6089eb0eddf3fb650035c91714558ba396f5e216b8d51a33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sedna-geodynamo-holography-paleontology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 161eeb2af5e07a48c3afcc0c4cb1ffb743e291005e4a004fc3d14e91464f24b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...