EUVD-2010-1449

Malware in sbrugna...

EUVD-2011-2720

Malware in sbrugna...

EUVD-2017-17806

Malware in sbrugna...

EUVD-2017-11422

Malware in sbrugna...

EUVD-2002-0807

Malware in sbrugna...

EUVD-2008-5883

Malware in sbrugna...

EUVD-2019-7050

Malware in sbrugna...

EUVD-2022-7004

Malicious code in bioql PyPI...

EUVD-2023-41171

Malicious code in bioql PyPI...

EUVD-2024-3226

Malicious code in bioql PyPI...

EUVD-2023-2643

Malicious code in bioql PyPI...

EUVD-2022-43487

Malicious code in bioql PyPI...

EUVD-2024-2676

Malicious code in bioql PyPI...

EUVD-2022-5701

Malicious code in bioql PyPI...

algeb (>=1.0.0 <=5.4.0), anys (>=0.0.1 <=9.0.0) +37 more potentially affected by CVE-2025-57351 via ts-fns (>=0.0.11 <=9.3.2)

ts-fns NPM version =0.0.11, =1.0.0, =0.0.1, =0.0.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.2, =9.0.0 and more Source cves: CVE-2025-57351 Source advisory: SNYK:JS-TSFNS-13109930...

s-collection.js (=1.0.0) potentially affected by unknown CVE via lodash.js (=0.0.1-security)

lodash.js NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on lodash.js and may be impacted: - s-collection.js =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-25506...

CVE-2025-54803 js-toml is vulnerable to Prototype Pollution

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed...

CVE-2025-3466

langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictio...

CVE-2025-3466

CVE-2025-3466 affects langgenius/dify versions 1.1.0–1.1.2. Root cause is unsanitized input in the code node that enables overriding global JavaScript functions (e.g., parseInt) before sandbox restrictions, allowing arbitrary code execution with full root permissions. Documented impact includes a...

CVE-2023-32340

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...