Malicious code in cz-conventional-changelog-heliophysics-carpo-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87b43b39469f3044ffca305f0206cc9adcde03611a0fd8cf39b08d0230171522 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185671 Malicious code in authenticate-scale-analyze-book-scale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d038c7d079b519f31ce6b09657db6765d1d0007fe0b8bd295d08d7806e81e80a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186423 Malicious code in css-minimizer-webpack-plugin-phoebe-biogeochemistry-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7e88aea6bc6d5bdfac3ccf178293c7fd3391a33d7bd847a88e2bed3c2f2efc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189950 Malicious code in toml-slidev-nebula-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acc9ce901d26d00fd31e986b417688de1d5bf8b92f291024badd653d3d19808a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188086 Malicious code in miranda-yildun-zooarchaeology-bionics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aeb6e52bc7a803ec59fb5ea57adb0ca8c9134ad7981072a5e09e122835a6c2e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188370 Malicious code in nuxtjs-enceladus-miranda-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1b43759d17c66985697b3c9e19ac0173377814fe579478b446243f3da452a55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189044 Malicious code in quick-info-star-new-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff8d2af4a7471f80995ba4591bc1d021217434d34977fb94879b5ed115d965a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185433 Malicious code in alpha-integer-pi-assert-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a34951bfb26b2bf73403b5a41d1b38d6088c5a6558b84230cd7bb1e901125fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185591 Malicious code in astrobiology-loopback-hermes-duplex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86c1988f451cfa884062cc5ace32bd4d584c3db831f89eb5d23883e30f4780e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186928 Malicious code in express-proxima-websockets-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ee0a304fa501650f89077e1daec98bbd0bb5ef6a4cceac9cecb13c6ac45490f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188021 Malicious code in meteor-dysonswarm-geckodriver-grus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a885a9e540e123aba57de65173041c29a0894ea5ce3a14b3f8c7ef0369341f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190026 Malicious code in uglify-js-leda-epigenetics-speleology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67586f8742dc103f40eb465d756f50d3098020003859de251acf521976caadff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190435 Malicious code in yildun-tethys-eigenstate-alphard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dfb5572647b96464a1f3e39c484590bfd31b4080357b71e3ef90b4032612c27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190410 Malicious code in xo-nightmare-magellan-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f0b83fee59dd650042e6adedb72297944d892fb054fc0abc747385fdae4e758 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188945 Malicious code in publish-alphard-convict-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b33c2a363ef96b131f8808426949e15ed28221d6374dc4b5c021fcd973e62636 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190259 Malicious code in webdriver-manager-cosmos-mongoose-got (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40fa86b786f980c3c1320b01efae8acafc5bf76d1ad8447eb7724e805a945ff8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190260 Malicious code in webdriver-manager-deneb-nconf-outercore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5856dc3105bafd0bd895c339e371e97000f404e871ca844f86c47c579ae39d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190437 Malicious code in yonder-less-loader-ini-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64d24be310a09fbc0c9ea69c806f48c32bc74d179f2b3b70aedfed17bb573b41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189414 Malicious code in sedna-nextjs-baryon-ceres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c372bfc802c3d8de2a8e6f537654c60617806df7468bb0d8680d7c951323a61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

PT-2025-46917

Name of the Vulnerable Software and Affected Versions grist-core versions prior to 1.7.7 Description grist-core is a spreadsheet hosting server. A user with limited read access to a document could access endpoints that reveal hashes for different versions of the document and obtain a complete lis...