
4403 matches found

Cvelist
added 2025/09/12 1:16 a.m. | 34 views

CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...

7.5 CVSS | 0.01099 EPSS
Exploits: 1 | References: 8
OSV
added 2025/09/11 4:48 p.m. | 3 views

CLSA-2025-1757609292 nodejs: Fix of CVE-2024-22025

CVE-2024-22025: fix resource exhaustion DoS vulnerability in fetch function...

6.5 CVSS | 6.9 AI score | 0.01309 EPSS
Exploits: 0 | References: 1
Wolfi
added 2025/09/10 1:53 p.m. | 8 views

CVE-2025-23167 vulnerabilities

Vulnerabilities for packages: nodejs...

6.5 CVSS | 7 AI score | 0.00466 EPSS
Exploits: 1
Wolfi
added 2025/09/10 1:53 p.m. | 6 views

CVE-2025-23165 vulnerabilities

Vulnerabilities for packages: nodejs...

3.7 CVSS | 7 AI score | 0.0048 EPSS
Exploits: 0
Wolfi
added 2025/09/10 1:53 p.m. | 2 views

GHSA-GCF6-VGCR-474F vulnerabilities

Vulnerabilities for packages: nodejs...

7 AI score
Exploits: 0
Wolfi
added 2025/09/10 1:53 p.m. | 2 views

CVE-2025-23166 vulnerabilities

Vulnerabilities for packages: nodejs...

7.5 CVSS | 7 AI score | 0.00763 EPSS
Exploits: 0
Wolfi
added 2025/09/10 1:53 p.m. | 2 views

GHSA-HCHW-QWX7-4W4C vulnerabilities

Vulnerabilities for packages: nodejs...

7 AI score
Exploits: 0
Chainguard
added 2025/09/10 1:36 p.m. | 5 views

CVE-2025-23165 vulnerabilities

Vulnerabilities for packages: nodejs...

3.7 CVSS | 7 AI score | 0.0048 EPSS
Exploits: 0
Chainguard
added 2025/09/10 1:36 p.m. | 8 views

CVE-2025-23167 vulnerabilities

Vulnerabilities for packages: nodejs...

6.5 CVSS | 7 AI score | 0.00466 EPSS
Exploits: 1
Chainguard
added 2025/09/10 1:36 p.m. | 2 views

GHSA-RRJV-57MM-J6CM vulnerabilities

Vulnerabilities for packages: nodejs...

7 AI score
Exploits: 0
Chainguard
added 2025/09/10 1:36 p.m. | 2 views

GHSA-HCHW-QWX7-4W4C vulnerabilities

Vulnerabilities for packages: nodejs...

7 AI score
Exploits: 0
Chainguard
added 2025/09/10 1:36 p.m. | 4 views

GHSA-GCF6-VGCR-474F vulnerabilities

Vulnerabilities for packages: nodejs...

7 AI score
Exploits: 0
Tenable Nessus
added 2025/09/10 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2014-7192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other...

10 CVSS | 6 AI score | 0.13441 EPSS
Exploits: 1 | References: 2
Cvelist
added 2025/09/09 10:33 p.m. | 8 views

CVE-2025-59046 interactive-git-checkout has Command Injection vulnerability

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

9.8 CVSS | 0.01176 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/09 12:0 a.m. | 8 views

PT-2025-36966

Name of the Vulnerable Software and Affected Versions: DuckDB versions 1.3.3 @duckdb/node-api version 1.3.3 @duckdb/node-bindings version 1.3.3 @duckdb/duckdb-wasm version 1.29.2 Description: DuckDB packages distributed for Node.js on npm were compromised with malware intended to interfere with...

8.6 CVSS | 6.6 AI score | 0.00349 EPSS
Exploits: 0 | References: 9
Cvelist
added 2025/09/08 7:37 p.m. | 38 views

CVE-2025-54994 @akoskm/create-mcp-server-stdio has Command Injection in MCP Server due to unsafe `exec` API

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

9.3 CVSS | 0.01371 EPSS
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 4 views

Malicious code in boson-nodejs-jupiter-robotics (npm)

The package boson-nodejs-jupiter-robotics was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 4 views

Malicious code in bulma-nodejs-achernar-farout (npm)

The package bulma-nodejs-achernar-farout was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 3 views

Malicious code in izar-magellan-readable-nodejs (npm)

The package izar-magellan-readable-nodejs was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 4 views

Malicious code in kssd-vol2-rev (npm)

The package kssd-vol2-rev was found to contain malicious code...

7 AI score
Exploits: 0