Security Bulletin: CodeMirror Regex Vulnerability Enables ReDoS Before 5.58.2, affects watsonx.data
Summary This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. Th...
Malicious Package
Overview codemirror-5 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-191557 Malicious code in codemirror-5 (npm)
Source: amazon-inspector 788b98a42ba1658c92e6e86494ddd747ab154a01be456dfe9656760bd264fe46 The package codemirror-5 was found to contain malicious code. Source: ghsa-malware 0803dd9e41e867827659b46d2934d1a9700667e0f731dce60093ab5f9457c07f A...
Malicious code in codemirror-5 (npm)
Source: amazon-inspector 788b98a42ba1658c92e6e86494ddd747ab154a01be456dfe9656760bd264fe46 The package codemirror-5 was found to contain malicious code. Source: ghsa-malware 0803dd9e41e867827659b46d2934d1a9700667e0f731dce60093ab5f9457c07f A...
EUVD-2025-200205
Malicious code in codemirror-5 npm...
Security Bulletin: Multiple Vulnerabilities in IBM Decision Optimization for Cloud Pak for Data (CVE-2025-6493, CVE-2025-55163 and CVE-2025-58754)
Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.2.2. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty i...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...
EUVD-2025-37176
Malicious code in epic-angular-ui-codemirror npm...
MAL-2025-49117 Malicious code in epic-angular-ui-codemirror (npm)
Source: amazon-inspector 475aba8f9dc17e38dcf35a7e5607ccc07a0b4e095aa0957ee57fdc75d0d4ee8d The package epic-angular-ui-codemirror was found to contain malicious code...
EUVD-2021-0941
Malware in sbrugna...
EUVD-2024-17516
Malicious code in bioql PyPI...
EUVD-2025-28740
Malicious code in bioql PyPI...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic
Summary IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression...
Embedded Malicious Code
Overview @ctrl/ngx-codemirror is a Codemirror Wrapper for Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API...
angular-fusioncharts (=4.1.0), dpv-angular (>=0.0.17 <=0.0.41) +3 more potentially affected by unknown CVE via @ctrl/ngx-codemirror (=7.0.0)
@ctrl/ngx-codemirror NPM version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @ctrl/ngx-codemirror and may be impacted: - angular-fusioncharts =4.1.0 - dpv-angular =0.0.17, =0.0.1, =0.0.1, =1.0.1 Source cves: unknown CVE Source advisory:...
Linux Distros Unpatched Vulnerability : CVE-2025-6493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode...
Linux Distros Unpatched Vulnerability : CVE-2020-7760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is locate...
Security Bulletin: Vulnerabilities in CodeMirror affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in CodeMirror has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A...
CVE-2025-6493
A flaw was found in codemirror. The markdown.js file within the Markdown Mode component exhibits inefficient regular expression usage, leading to excessive resource consumption. This flaw allows a remote attacker to provide a specially crafted file. This inefficient processing can result in a...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.bowergithub.codemirror:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via multiple locations in markdown.js. An attacker can cause excessive resour...