2 matches found
K000157932: NPM vulnerabilities CVE-2025-59037, CVE-2025-59038, and CVE-2025-59039
Security Advisory Description CVE-2025-59037 DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's...
CVE-2025-59038 Prebid.js NPM package briefly compromised
Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fix...