2 matches found
CVE-2025-66219
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
@bigab/gulp-testee (>=0.0.1 <=0.0.2), books-fe-polymer-dev-sample (=1.0.0) +13 more potentially affected by CVE-2021-23330 via launchpad (>=0.2.1 <=0.7.5)
launchpad NPM version =0.2.1, =0.0.1, =0.3.1, =0.0.1, =0.0.1, =1.0.1, =0.2.0, =0.0.1, =0.0.5, =2.0.15, =1.0.1, =2.0.3, =3.4.2 Source cves: CVE-2021-23330 Source advisory: SNYK:JS-LAUNCHPAD-1044065...