2986 matches found
January 13, 2026—KB5073697 (Monthly Rollup)
None None...
Security Bulletin: Multiple vulnerabilities in IBM Controller
Summary Multiple vulnerabilities were addressed in IBM Controller. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the...
December 18, 2025—KB5074978 (Monthly Rollup) Out-of-band
None None...
December 9, 2025—KB5071501 (Monthly Rollup)
None None...
November 11, 2025—KB5068904 (Monthly Rollup)
None None...
November 11, 2025—KB5068907 (Monthly Rollup)
None None...
December 9, 2025—KB5071505 (Monthly Rollup)
None None...
November 11, 2025—KB5068906 (Monthly Rollup)
None None...
December 9, 2025—KB5071503 (Monthly Rollup)
None None...
EUVD-2025-201290
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...
CVE-2025-66559
CVE-2025-66559 affects Taiko Alethia (2.3.1 and earlier) due to a bug in TaikoInbox._verifyBatches: the function advances the local tid to a transition that matches the current blockHash before batch verification completes. If the verification loop breaks (e.g., cooldown window not passed or tran...
Enhancing the Security of Rollup Sequencers Using Decentrally Attested TEEs
The growing scalability demand of public Blockchains led to the rise of Layer-2 solutions, such as Rollups. Rollups improve transaction throughput by processing operations off-chain and posting the results on-chain. A critical component in Rollups is the Sequencer, responsible for receiving,...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in rollup-plugin-httpfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bf613b52797ec3ff23536082d58a6d97dc4c672dfeecf2dc2ce21709ff8cdf7 The package rollup-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198818
Malicious code in rollup-plugin-httpfile npm...
MAL-2025-190858 Malicious code in rollup-plugin-httpfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bf613b52797ec3ff23536082d58a6d97dc4c672dfeecf2dc2ce21709ff8cdf7 The package rollup-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-175918
Malicious code in tool-pino-xenos-rollup npm...
EUVD-2025-175537
Malicious code in winston-polaris-rollup-despina npm...
Malicious code in markdownlint-rollup-loglevel-toml (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbc9bcd9f7f8ab3bac1cfef2c4e32342014982407e7e69dedb4ebd4e42256d0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178503
Malicious code in html-webpack-plugin-version-vulcan-rollup npm...