1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +221 more potentially affected by CVE-2025-66032 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.90)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-66032 Source advisory: OSV:GHSA-XQ4M-MC3C-VVG3...

EUVD-2022-4507

Malicious code in bioql PyPI...

Joplin Cross-Site Scripting Vulnerability

Joplin is an open source document note-taking application based on the Markdown format. The program supports copying, marking and modification of text and so on. A cross-site scripting vulnerability exists in the Note content field in versions of Joplin prior to 1.0.90. A remote attacker can...

Cross site scripting

Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

CVE-2018-1000534

Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...