attr (>=0.0.0 <=0.0.1), door (>=0.0.5 <=0.0.6) +3 more potentially affected by unknown CVE via new-prop (=2.0.0)

new-prop NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on new-prop and may be impacted: - attr =0.0.0, =0.0.5, =0.0.7, =0.0.0, =0.0.0, =0.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-27365...

attr (>=0.0.0 <=0.0.1), door (>=0.0.5 <=0.0.6) +6 more potentially affected by unknown CVE via new-pubsub (>=0.0.3 <=2.0.0)

new-pubsub NPM version =0.0.3, =0.0.0, =0.0.5, =0.0.7, =0.0.0, =0.0.0, =0.0.0, =0.0.2 - watch-array =0.0.4 Source cves: unknown CVE Source advisory: OSV:MAL-2025-27366...

MAL-2025-34764 Malicious code in test-attr (npm)

The package test-attr was found to contain malicious code...

new packages: attr

An update is available for attr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...