TencentOS Server 3: nodejs:16 (TSSA-2024:0107)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0107 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

EUVD-2025-177555

Malicious code in nodejs-oberon-ignite-node-sass npm...

EUVD-2025-177557

Malicious code in nodejs-csrf-sagitta-materialize npm...

EUVD-2025-175432

Malicious code in zenith-algol-nodejs-pegasus npm...

MAL-2025-188325 Malicious code in nodejs-csrf-sagitta-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55b4a0d0f7ff3dd984df6f9575fd59892f7044b99a492bdad2834ae0362abd51 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-124520

Malicious code in nestjs-nodejs-electron-builder-auth npm...

EUVD-2025-112671

Malicious code in hydra-eslint-config-nodejs-triton npm...

Malicious code in nodejs-frontend-sync-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46ae7bd01528ae4eb0e9b0708506f1ef7e24e2a6f8bcb754efa14557a29756e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-116561

Malicious code in aquarius-nodejs-electron-registry npm...

EUVD-2025-124352

Malicious code in nodejs-javascript-winston-aether npm...

EUVD-2025-122909

Malicious code in radiant-development-eslint-plugin-nodejs npm...

EUVD-2025-105252

Malicious code in finalshrimpz3n npm...

EUVD-2025-77860

Malicious code in ytterbiccondorz3n npm...

EUVD-2025-69189

Malicious code in lutfi-telurtahu88-ruro npm...

CLSA-2025-1762361695 nodejs: Fix of CVE-2023-39333

CVE-2023-39333: fix maliciously crafted export names injection of JavaScript code...

Astra Linux - уязвимость в python-urllib3

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Node.js

Summary multiple vulerability in IBM Spectrum Symphony with Node.js Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling...

Malicious Package Injection

DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB’s Node.js packages containing code that interfered with cryptocurrency...

Stealit Malware Using Node.js to Hide in Fake Game and VPN Installers

Fortinet warns of Stealit, a MaaS infostealer, now targeting Windows systems and evading detection by using Node.js’s SEA feature while hiding in fake game and VPN installers...