Malicious code in uglify-js-forever-equinox-nodejs (npm)

The package uglify-js-forever-equinox-nodejs was found to contain malicious code...

Malicious code in winston-loopback-nodejs-bulma (npm)

The package winston-loopback-nodejs-bulma was found to contain malicious code...

MAL-2025-43646 Malicious code in boson-nodejs-jupiter-robotics (npm)

The package boson-nodejs-jupiter-robotics was found to contain malicious code...

MAL-2025-45794 Malicious code in release-it-prettier-nodejs-fornax (npm)

The package release-it-prettier-nodejs-fornax was found to contain malicious code...

Malicious code in bulma-nodejs-achernar-farout (npm)

The package bulma-nodejs-achernar-farout was found to contain malicious code...

MAL-2025-43676 Malicious code in bulma-nodejs-achernar-farout (npm)

The package bulma-nodejs-achernar-farout was found to contain malicious code...

MAL-2025-46436 Malicious code in uglify-js-forever-equinox-nodejs (npm)

The package uglify-js-forever-equinox-nodejs was found to contain malicious code...

MAL-2025-42965 Malicious code in @trp-ta-nitro/secrets-nodejs (npm)

The package @trp-ta-nitro/secrets-nodejs was found to contain malicious code...

MAL-2025-46278 Malicious code in test-mlw2-borde-reest-lazed-cocas (npm)

The package test-mlw2-borde-reest-lazed-cocas was found to contain malicious code...

MAL-2025-44700 Malicious code in ini-nodejs-speleology-filament (npm)

The package ini-nodejs-speleology-filament was found to contain malicious code...

Malicious code in nodejs-smtp (npm)

The package nodejs-smtp was found to contain malicious code...

MAL-2025-42186 Malicious code in @amiga-fwk-nodejs/metrics (npm)

The package @amiga-fwk-nodejs/metrics was found to contain malicious code...

MAL-2025-45337 Malicious code in nodejs-smtp (npm)

The package nodejs-smtp was found to contain malicious code...

urllib3 does not control redirects in browsers and Node.js

...

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.

...

CVE-2025-58047

Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...

Linux Distros Unpatched Vulnerability : CVE-2021-42740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to...

Linux Distros Unpatched Vulnerability : CVE-2018-7158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in...

[SECURITY] [DSA 5991-1] nodejs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5991-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 29, 2025 https://www.debian.org/security/faq -...

Malicious Package

Overview nodejs-smtp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...