91 matches found
Security Bulletin: CodeMirror Regex Vulnerability Enables ReDoS Before 5.58.2, affects watsonx.data
Summary: This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. Th...
Malicious code in codemirror-5 (npm)
Source: amazon-inspector 788b98a42ba1658c92e6e86494ddd747ab154a01be456dfe9656760bd264fe46 The package codemirror-5 was found to contain malicious code. Source: ghsa-malware 0803dd9e41e867827659b46d2934d1a9700667e0f731dce60093ab5f9457c07f A...
Malicious Package
Overview: codemirror-5 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-200205
Malicious code in codemirror-5 npm...
MAL-2025-191557 Malicious code in codemirror-5 (npm)
Source: amazon-inspector 788b98a42ba1658c92e6e86494ddd747ab154a01be456dfe9656760bd264fe46 The package codemirror-5 was found to contain malicious code. Source: ghsa-malware 0803dd9e41e867827659b46d2934d1a9700667e0f731dce60093ab5f9457c07f A...
Security Bulletin: Multiple Vulnerabilities in IBM Decision Optimization for Cloud Pak for Data (CVE-2025-6493, CVE-2025-55163 and CVE-2025-58754)
Summary: Multiple vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.2.2. Vulnerability Details: CVEID: CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty i...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary: Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0. Vulnerability Details: CVEID: CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...
EUVD-2025-37176
Malicious code in epic-angular-ui-codemirror npm...
MAL-2025-49117 Malicious code in epic-angular-ui-codemirror (npm)
Source: amazon-inspector 475aba8f9dc17e38dcf35a7e5607ccc07a0b4e095aa0957ee57fdc75d0d4ee8d The package epic-angular-ui-codemirror was found to contain malicious code...
EUVD-2021-0941
Malware in sbrugna...
EUVD-2024-17516
Malicious code in bioql PyPI...
EUVD-2025-28740
Malicious code in bioql PyPI...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic
Summary: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression...
angular-fusioncharts (=4.1.0), dpv-angular (>=0.0.17 <=0.0.41) +3 more potentially affected by unknown CVE via @ctrl/ngx-codemirror (=7.0.0)
@ctrl/ngx-codemirror NPM version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @ctrl/ngx-codemirror and may be impacted: - angular-fusioncharts =4.1.0 - dpv-angular =0.0.17, =0.0.1, =0.0.1, =1.0.1 Source cves: unknown CVE Source advisory:...
Embedded Malicious Code
Overview: @ctrl/ngx-codemirror is a Codemirror Wrapper for Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API...
Linux Distros Unpatched Vulnerability : CVE-2025-6493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode...
Linux Distros Unpatched Vulnerability : CVE-2020-7760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is locate...
Security Bulletin: Vulnerabilities in CodeMirror affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: A potential vulnerability in CodeMirror has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-6493 DESCRIPTION: A...
CVE-2025-6493
A flaw was found in codemirror. The markdown.js file within the Markdown Mode component exhibits inefficient regular expression usage, leading to excessive resource consumption. This flaw allows a remote attacker to provide a specially crafted file. This inefficient processing can result in a...
org.apache.marmotta:marmotta-ldpath (=3.1.0-incubating), org.apache.marmotta:marmotta-sparql (=3.1.0-incubating) potentially affected by CVE-2025-6493 via org.apache.marmotta.webjars:codemirror (=3.1.0-incubating)
org.apache.marmotta.webjars:codemirror MAVEN version =3.1.0-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.marmotta.webjars:codemirror and may be impacted: - org.apache.marmotta:marmotta-ldpath =3.1.0-incubating -...