Lucene search
K

29 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in @zalastax/nolb-_hyper_fun_fluentui-icon-i (npm)

The package @zalastax/nolb-hyperfunfluentui-icon-i was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-10099 Malicious code in @zalastax/nolb-_hyper_fun_fluentui-icon-h (npm)

The package @zalastax/nolb-hyperfunfluentui-icon-h was found to contain malicious code...

7.2AI score
Exploits0
Snyk
Snyk
added 2025/07/28 12:42 p.m.2 views

Cross-site Scripting (XSS)

Overview @fluentui/react-charting is a React web charting controls for Microsoft fluentui system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsecured SVG attribute spreading in the CartesianChart, Legend Shape renderer, and LineChart event annotation...

6.1CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2025/02/27 4:30 a.m.2 views

MAL-2025-1556 Malicious code in fluentui-repo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a946d5d0851f29bedadf8857d3b954ecf93da7aaa8b01cc198063141c739169d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/27 4:30 a.m.3 views

Malicious code in fluentui-repo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a946d5d0851f29bedadf8857d3b954ecf93da7aaa8b01cc198063141c739169d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/05/14 12:1 a.m.4 views

@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)

workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: OSV:GHSA-5875-M6JQ-VF78...

9.8CVSS7.2AI score0.06895EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/03/11 10:58 a.m.5 views

@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)

workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: SNYK:JS-WORKSPACETOOLS-2421201...

9.8CVSS7.2AI score0.06895EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/03/01 9:45 a.m.5 views

@fluentui/token-pipeline (>=0.3.3 <=0.22.0), @inmotionnow/momentum-components (>=91.0.0 <=102.34.1) +5 more potentially affected by unknown CVE via style-dictionary (>=2.10.0 <=2.10.2)

style-dictionary NPM version =2.10.0, =0.3.3, =91.0.0, =1.0.2, =0.1.0, =0.0.2, =1.0.0, =1.6.7 - digix-ui =3.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-STYLEDICTIONARY-1080632...

5.8AI score
Exploits0
Snyk
Snyk
added 2020/06/05 12:31 p.m.2 views

Prototype Pollution

Overview @fluentui/styles is a set of styling utilities for CSS-in-JS. Affected versions of this package are vulnerable to Prototype Pollution. The deepmerge function available within the styles package of FluentUI allows one object to merge with another recursively. Given a value such as proto,...

5.6CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder