MAL-2026-3314 Malicious code in update-browserslist (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c4a878cc9c9ebf1f260c89d735fe37a0a802bdb61300bc93f018d2e3a8af520 The package update-browserslist was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in update-browserslist (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c4a878cc9c9ebf1f260c89d735fe37a0a802bdb61300bc93f018d2e3a8af520 The package update-browserslist was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3307 Malicious code in browserslist-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f700f90f8bd70ca869ddaf27285327f5a926c28ac9d80cd5c8cad3ac25bb25ab The package browserslist-db was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in browserslist-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f700f90f8bd70ca869ddaf27285327f5a926c28ac9d80cd5c8cad3ac25bb25ab The package browserslist-db was found to contain malicious code. Source: ossf-package-analysis...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@zapier/babel-preset-zapier (>=5.0.0 <=6.4.0), babel-preset-zapier (>=2.0.0 <=4.0.0) +1 more potentially affected by unknown CVE via @zapier/browserslist-config-zapier (=1.0.2)

@zapier/browserslist-config-zapier NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @zapier/browserslist-config-zapier and may be impacted: - @zapier/babel-preset-zapier =5.0.0, =2.0.0, =4.0.0, =9.0.0 Source cves: unknown CVE Source...

EUVD-2025-198781

Malicious code in @zapier/browserslist-config-zapier npm...

Malicious code in @zapier/browserslist-config-zapier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5146756159d44339572781661307fc36bb08adb636158ee54628f774506ae47 The package @zapier/browserslist-config-zapier was found to contain malicious code. Source: ghsa-malware...

@zapier/babel-preset-zapier (>=5.0.0 <=6.4.0), babel-preset-zapier (>=2.0.0 <=4.0.0) +1 more potentially affected by unknown CVE via @zapier/browserslist-config-zapier (=1.0.2)

@zapier/browserslist-config-zapier NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @zapier/browserslist-config-zapier and may be impacted: - @zapier/babel-preset-zapier =5.0.0, =2.0.0, =4.0.0, =9.0.0 Source cves: unknown CVE Source...

EUVD-2021-1216

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-23364

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service ReDoS during parsing of queries. CVE-2021-23364 Not...

MAL-2025-9664 Malicious code in @wisetail/browserslist-config (npm)

The package @wisetail/browserslist-config was found to contain malicious code...

Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to multiple vulnerabilities

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is affected by opennms-opennms-source-26.0.0-1 dependent packages. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2020-8116 DESCRIPTION: Node.js dot-prop could allow a...

MAL-2023-1512 Malicious code in browserslist-config-usaa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f08f5ede6b0f56a4b6366c22c4622d7cddc43a2d689f021f8a179e72c2fa6220 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in browserslist-config-usaa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f08f5ede6b0f56a4b6366c22c4622d7cddc43a2d689f021f8a179e72c2fa6220 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-23364 DESCRIPTION: Browserslist is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS during parsing of queries. By sending a specially-crafted...

Malicious Package

Overview @roots/browserslist-config is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

Malicious code in browserslist-config-freight-trust (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf366bc353ddcabf5a3692641c29f85b696be961bd78264a847de2ae63fd0043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Regular Expression Denial of Service

Overview The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service ReDoS during parsing of queries. Recommendation Upgrade to version 4.16.5 or later References - CVE - GitHub Advisory...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +12662 more potentially affected by CVE-2021-23364 via browserslist (>=4.0.0 <=4.16.4)

browserslist NPM version =4.0.0, =1.0.1, =1.1.0 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 -...