expr-eval: expr-eval: Prototype Pollution

A prototype pollution flaw was found in expr-eval. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution...

EUVD-2025-175939

Malicious code in titan-despina-zenobia-antares npm...

EUVD-2025-177949

Malicious code in markdown-pdf-jsonp-brane-cross-env npm...

EUVD-2025-134776

Malicious code in anabuyil-na10n-nitnuli npm...

EUVD-2025-140972

Malicious code in kapvino-sodi-vanunds npm...

EUVD-2025-86271

Malicious code in erick-esdoger12-miaww npm...

EUVD-2025-54855

Malicious code in distinctive-aqua-crayfish npm...

MAL-2025-35694 Malicious code in test-mlw2-linns-ceils-movie-hanap (npm)

The package test-mlw2-linns-ceils-movie-hanap was found to contain malicious code...

MAL-2025-7933 Malicious code in @erboladaiteas/voluptatibus-ab (npm)

The package @erboladaiteas/voluptatibus-ab was found to contain malicious code...

The vulnerability of the npm systeminformation package on the Node.js software platform allows a hacker to execute arbitrary commands.

The vulnerability of the npm systeminformation package on Node.js platforms exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

10er10 (=0.23.0), 1405-authtokens (>=1.0.1 <=1.0.5) +8065 more potentially affected by CVE-2016-10539 via negotiator (>=0.2.3 <=0.6.0)

negotiator NPM version =0.2.3, =1.0.1, =1.0.3, =1.0.2, =1.0.0, =0.0.1, =0.2.0, =0.0.1, =0.0.1, =1.0.0, =1.2.9 and more Source cves: CVE-2016-10539 Source advisory: OSV:GHSA-7MC5-CHHP-FMC3...