9 matches found

EUVD
added 2025/11/11 12:41 a.m., 2 views

EUVD-2025-54888

Malicious code in diplomatic-copper-rabbit npm...

6.6 AI score
Exploits 0
RedhatCVE
added 2025/08/11 2:30 a.m., 11 views

CVE-2025-54888

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass...

8.7 CVSS, 7.1 AI score, 0.00707 EPSS
Exploits 0, References 1
vulnersOsv
added 2025/08/09 1:46 a.m., 7 views

@fedify/botkit (>=0.3.0-dev.125 <=0.3.0-dev.131) potentially affected by CVE-2025-54888 via @fedify/fedify (=1.8.1-dev.1262)

@fedify/fedify NPM version =1.8.1-dev.1262 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.3.0-dev.125, =0.3.0-dev.131 Source cves: CVE-2025-54888 Source advisory: SNYK:JS-FEDIFYFEDIFY-11735306...

8.7 CVSS, 5.8 AI score, 0.00707 EPSS
Exploits 0
vulnersOsv
added 2025/08/09 1:46 a.m., 7 views

@fedify/amqp (=0.2.0-dev.12), @fedify/postgres (>=0.3.0 <=0.3.0-dev.22) +1 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=1.5.0-dev.732 <=1.5.0)

@fedify/fedify NPM version =1.5.0-dev.732, =0.3.0, =0.4.0, =0.4.0-dev.19 Source cves: CVE-2025-54888 Source advisory: SNYK:JS-FEDIFYFEDIFY-11735306...

8.7 CVSS, 5.8 AI score, 0.00707 EPSS
Exploits 0
vulnersOsv
added 2025/08/09 1:46 a.m., 7 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.11) +6 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=1.10.0 <=1.10.10)

@fedify/fedify NPM version =1.10.0, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2025-54888 Source advisory: SNYK:JS-FEDIFYFEDIFY-11735306...

8.7 CVSS, 5.4 AI score, 0.00707 EPSS
Exploits 0
vulnersOsv
added 2025/08/08 2:29 p.m., 3 views

@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.11) +6 more potentially affected by CVE-2025-54888 via @fedify/fedify (>=0.10.2 <=1.10.10)

@fedify/fedify NPM version =0.10.2, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2025-54888 Source advisory: OSV:GHSA-6JCC-XGCR-Q3H4...

8.7 CVSS, 5.4 AI score, 0.00707 EPSS
Exploits 0
vulnersOsv
added 2025/08/08 2:29 p.m., 6 views

@fedify/botkit (>=0.3.0-dev.125 <=0.3.0-dev.131) potentially affected by CVE-2025-54888 via @fedify/fedify (=1.8.1-dev.1262)

@fedify/fedify NPM version =1.8.1-dev.1262 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.3.0-dev.125, =0.3.0-dev.131 Source cves: CVE-2025-54888 Source advisory: OSV:GHSA-6JCC-XGCR-Q3H4...

8.7 CVSS, 5.8 AI score, 0.00707 EPSS
Exploits 0
Circl
added 2025/08/08 2:23 a.m., 12 views

CVE-2025-54888

creationtimestamp | type | source
---|---|---
2025-08-08 02:23:25+00:00 | published-proof-of-concept | https://github.com/fedify-dev/fedify/security/advisories/GHSA-6jcc-xgcr-q3h4
2025-08-08 02:39:46+00:00 | seen | https://bsky.app/profile/fedify.hollo.social.ap.brid.gy/post/3lvu7xt6h7xr2

2025-08-08...

8.7 CVSS, 5.3 AI score, 0.00707 EPSS
Exploits 0, References 12
CNVD
added 2022/07/29 12:0 a.m., 27 views

IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2022-54888)

IBM Security Verify Information Queue using the acronym "ISIQ" is a cross-product integrator that uses Kafka technology and a publish/subscribe model to integrate data between IBM Security products. Security Verify Information Queue is vulnerable to information disclosure in version 10.0.2. An...

7.5 CVSS, 2.5 AI score, 0.00623 EPSS
Exploits 0, References 1