4 matches found
K000157932: NPM vulnerabilities CVE-2025-59037, CVE-2025-59038, and CVE-2025-59039
Security Advisory Description CVE-2025-59037 DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's...
CVE-2025-59039
Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...
CVE-2025-59039
creationtimestamp| type| source ---|---|--- 2025-09-10 01:23:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lyh355hdr32p 2025-09-10 13:18:37+00:00| seen| https://vulnerability.circl.lu/bundle/289697c2-61dc-410f-8343-aba0be87728d...
CVE-2025-59039 Prebid Universal Creative on npm briefly compromised
Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...