CLEANSTART-2026-NV36169 Security fixes for CVE-2025-61732, CVE-2025-66564, CVE-2025-68121, CVE-2026-24686, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, ghsa-fcv2-xgw5-pqxf applied in versions: 0.7.29-r1, 0.7.29-r2

Multiple security vulnerabilities affect the sigstore-scaffolding package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-236C-VHJ4-GFXG Duplicate Advisory: Embedded malware in ua-parser-js

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references. Original Description A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the...

Design/Logic Flaw

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...

ua-parser-js 安全漏洞

ua-parser-js is a JavaScript-based parser for User-Agent strings. It can be used in a browser client-side or node.js server-side environment. Can also be used as a jQuery / Zepto plugin , Bower / Meteor package and RequireJS / AMD module . A security vulnerability exists in ua-parser-js npm...

UAParser.js 0.7.29 Embedded Malware

According to its self-reported version number, UAParjser.js is 0.7.29, 0.8.0 or 1.0.0. Therefore, it may be affected by an embedded malicious code vulnerability due to an hijack in the maintainer's NPM account led to including an embedded malicious crypto minor in this package. Specifically, the...