MAL-2025-48777 Malicious code in polyfill-corejs3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f30a9982ee60b989a218dd73482f8e0d5072af0ab17558731b9023ce937e7dd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the...
Malicious code in ember-url-hash-polyfill (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99682882eef0dff783a52f47c796529499a9d50c3d9a439d5450d7aa48423351 Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
@crowdstrike/ember-oss-docs (>=1.0.1 <=1.1.8) potentially affected by unknown CVE via ember-url-hash-polyfill (=1.0.11)
ember-url-hash-polyfill NPM version =1.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on ember-url-hash-polyfill and may be impacted: - @crowdstrike/ember-oss-docs =1.0.1, =1.1.8 Source cves: unknown CVE Source advisory:...
Linux Distros Unpatched Vulnerability : CVE-2025-27789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named...
Malicious code in promise-with-resolvers-polyfil (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aaa40ddd391e49632fb8ff493e7aab475c4004635e41533ea6b7223e96b29f5b Any computer that has this package installed or running should be considered...
Malicious code in promise-with-resolvers-polyfill (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0528ceb046ae14e44bdf2bec076bad873aa1e34dfcd98f1308edc936aad9cb8c Any computer that has this package installed or running should be considered...
MAL-2025-45605 Malicious code in promise-with-resolvers-polyfill (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0528ceb046ae14e44bdf2bec076bad873aa1e34dfcd98f1308edc936aad9cb8c Any computer that has this package installed or running should be considered...
Malicious code in invalid-polyfill-boundary (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0fbf998b1c11f6a785806e2ab4f0bbbc4da9a95e803f643a497d41215484a11d The OpenSSF Package Analysis project identified 'invalid-polyfill-boundary' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
MAL-2025-41300 Malicious code in invalid-polyfill-boundary (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0fbf998b1c11f6a785806e2ab4f0bbbc4da9a95e803f643a497d41215484a11d The OpenSSF Package Analysis project identified 'invalid-polyfill-boundary' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
Malicious code in invalid-polyfill-missing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 295b859cd3be40684c8d7ebb9bc2a3ca4bb969aad8ff1d524948397a3724c444 The OpenSSF Package Analysis project identified 'invalid-polyfill-missing' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
MAL-2025-41301 Malicious code in invalid-polyfill-missing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 295b859cd3be40684c8d7ebb9bc2a3ca4bb969aad8ff1d524948397a3724c444 The OpenSSF Package Analysis project identified 'invalid-polyfill-missing' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
MAL-2025-41299 Malicious code in invalid-polyfill-boolean (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 494509102be194f3de6962a2ed4e22af22ecab01d9fb1c460b2cf0d93c4e6591 The OpenSSF Package Analysis project identified 'invalid-polyfill-boolean' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
Malicious code in invalid-polyfill-boolean (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 494509102be194f3de6962a2ed4e22af22ecab01d9fb1c460b2cf0d93c4e6591 The OpenSSF Package Analysis project identified 'invalid-polyfill-boolean' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
GHSA-CPQ7-6GPM-G9RC cipher-base is missing type checks, leading to hash rewind and passing on crafted data
Summary: This affects e.g. create-hash and crypto-browserify, so I'll describe the issue against that package. Also affects create-hmac and other packages. Node.js createHash works only on strings or instances of Buffer, TypedArray, or DataView. Missing input type checks in npm create-hash polyfill ...
CVE-2025-9287
An improper input validation vulnerability was found in the cipher-base npm package. Missing input type checks in the polyfill of the Node.js createHash function result in invalid value calculations, hanging and rewinding the hash state, including turning a tagged hash into an untagged hash, for...
Malicious code in polyfill-browser (npm)
The package polyfill-browser was found to contain malicious code...
MAL-2025-29495 Malicious code in polyfill-browser (npm)
The package polyfill-browser was found to contain malicious code...
Security Bulletin: Using untrusted strings with .replace on Babel-compiled regex named capturing groups can lead to performance degradation, which affects IBM watsonx.data
Summary: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific...