183233 matches found
npm ansi_up v4 - Cross-Site Scripting
npm package ansiup v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks. id: CVE-2021-3377 info: name: npm ansiup v4 - Cross-Site Scripting author: geeknik severity: medium description: npm package ansiup v4 is vulnerable to cross-site scripting...
Netmask NPM Package - Server-Side Request Forgery
Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the...
CVE-2025-65122
Regex Denial of Service in youtube-regex npm package through version 1.0.5...
CVE-2026-42994
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...
Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account
32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack...
ROOT-APP-NPM-CVE-2021-3795 CVE-2021-3795 in @rootio/semver-regex - Patched by Root
Root has patched CVE-2021-3795 in the @rootio/semver-regex package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2021-43307 CVE-2021-43307 in @rootio/semver-regex - Patched by Root
Root has patched CVE-2021-43307 in the @rootio/semver-regex package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33896 CVE-2026-33896 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33896 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33894 CVE-2026-33894 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33894 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-66031 CVE-2025-66031 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-66031 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33891 CVE-2026-33891 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33891 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2021-23337 CVE-2021-23337 in @rootio/lodash.template - Patched by Root
Root has patched CVE-2021-23337 in the @rootio/lodash.template package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44728 CVE-2026-44728 in @rootio/babel__plugin-transform-modules-systemjs - Patched by Root
Root has patched CVE-2026-44728 in the @rootio/babelplugin-transform-modules-systemjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-2739 CVE-2026-2739 in @rootio/bn.js - Patched by Root
Root has patched CVE-2026-2739 in the @rootio/bn.js package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-62718 CVE-2025-62718 in @rootio/axios - Patched by Root
Root has patched CVE-2025-62718 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-25639 CVE-2026-25639 in @rootio/axios - Patched by Root
Root has patched CVE-2026-25639 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42044 CVE-2026-42044 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42044 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
MAL-2026-5268 Malicious code in ulid-os (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6ef4088107b64693d6c1dfa04be004ad1e19b3d34737d7b79b96b21701a5e7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ulid-os (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6ef4088107b64693d6c1dfa04be004ad1e19b3d34737d7b79b96b21701a5e7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ROOT-APP-NPM-CVE-2025-1302 CVE-2025-1302 in @rootio/jsonpath-plus - Patched by Root
Root has patched CVE-2025-1302 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...