2 matches found
create-bamboo (>=1.0.1 <=1.0.2) potentially affected by unknown CVE via bamboo-init (=1.0.7)
bamboo-init NPM version =1.0.7 is affected by a known vulnerability. The following packages have a transitive dependency on bamboo-init and may be impacted: - create-bamboo =1.0.1, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-50934...
GHSA-3J7M-5G4Q-GFPC TinyEnv: Missing .env file not required — may cause unexpected behavior
Impact TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. Affected versions: - 1.0.1 → 1.0.2 ...