23 matches found

vulnersOsv
added 2026/04/14 12:36 p.m., 13 views

cjs-biginteger (=5.0.5) potentially affected by unknown CVE via ts-lint-builds (=1.0.5)

ts-lint-builds NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on ts-lint-builds and may be impacted: - cjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2883...

AI score: 5.8
Exploits: 0

OSV
added 2026/04/14 12:35 p.m., 5 views

MAL-2026-2882 Malicious code in cjs-biginteger (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...

AI score: 5.7
Exploits: 0, References: 1

OSV
added 2025/09/26 9:37 a.m., 1 view

MAL-2025-47696 Malicious code in node-ts-cjs-web (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0

OSV
added 2025/07/12 5:35 p.m., 1 view

MAL-2025-6107 Malicious code in node-ts-cjs-auto (npm)

The package communicates with a domain associated with malicious activity...

AI score: 7.1
Exploits: 0

OSSF Malicious Packages
added 2025/07/12 5:35 p.m., 2 views

Malicious code in node-ts-cjs-auto (npm)

The package communicates with a domain associated with malicious activity...

AI score: 7
Exploits: 0

RedhatCVE
added 2025/05/22 6:29 p.m., 4 views

CVE-2021-29446

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

CVSS: 5.9, AI score: 6.8, EPSS: 0.00394
Exploits: 0, References: 1

RedhatCVE
added 2025/03/05 12:57 a.m., 3 views

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components...

CVSS: 5.1, AI score: 7.6, EPSS: 0.00119
Exploits: 1, References: 1

Github Security Blog
added 2025/03/03 6:31 p.m., 11 views

tsup DOM Clobbering vulnerability

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components...

CVSS: 5.1, AI score: 7.9, EPSS: 0.00119
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2025/03/03 6:15 p.m., 2 views

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components...

CVSS: 5.1, AI score: 7.8
Exploits: 0, References: 1

CVE
added 2025/03/03 12:0 a.m., 47 views

CVE-2024-53384

CVE-2024-53384 affects tsup v8.3.4 with a DOM Clobbering vulnerability that lets an attacker execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components. The CVSS 3.1 vector shows a MEDIUM base score (5.1) with LOCAL attack vector, LOW a...

CVSS: 5.1, AI score: 7.7, EPSS: 0.00119
Exploits: 1, References: 1, Affected Software: 1

RedhatCVE
added 2024/09/23 4:46 p.m., 17 views

CVE-2024-47068

A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta such as import.meta.url in the cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XS...

CVSS: 6.4, AI score: 5.4, EPSS: 0.02786
Exploits: 1, References: 8

Cvelist
added 2024/09/23 3:26 p.m., 39 views

CVE-2024-47068 DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta e.g., import.meta.url in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting...

CVSS: 6.1, EPSS: 0.02786
Exploits: 1, References: 5

NVD
added 2024/09/17 8:15 p.m., 25 views

CVE-2024-45812

Vite is a frontend build tooling framework for JavaScript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptle...

CVSS: 6.4, EPSS: 0.00256
Exploits: 0, References: 5

Positive Technologies
added 2024/08/27 12:0 a.m., 3 views

PT-2024-31793 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 3.2.11; Vite versions prior to 4.5.5; Vite versions prior to 5.2.14; Vite versions prior to 5.3.6; Vite versions prior to 5.4.6. Description: A DOM Clobbering vulnerability was discovered in Vite when building scripts to...

CVSS: 10, AI score: 6.5, EPSS: 0.04859
Exploits: 10, References: 56

OSSF Malicious Packages
added 2024/06/25 12:56 p.m., 4 views

Malicious code in query-string-cjs (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1

vulnersOsv
added 2023/08/09 2:43 p.m., 3 views

ses-cjs (>=1.0.0 <=1.0.1) potentially affected by CVE-2023-39532 via ses (=0.13.1)

ses NPM version =0.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on ses and may be impacted: - ses-cjs =1.0.0, =1.0.1 Source cves: CVE-2023-39532 Source advisory: OSV:GHSA-9C4H-3F7H-322R...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01798
Exploits: 1

OSSF Malicious Packages
added 2023/07/12 12:41 a.m., 5 views

Malicious code in chalk-animate-cjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 516c8dd53eb3c24c892eed50063a6f315dc748a4d2f006d392d7ec6785802d0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSV
added 2023/07/12 12:41 a.m., 7 views

MAL-2023-168 Malicious code in chalk-animate-cjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 516c8dd53eb3c24c892eed50063a6f315dc748a4d2f006d392d7ec6785802d0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

Snyk
added 2023/06/06 8:20 a.m., 1 view

Malicious Package

Overview: query-string-cjs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS: 9.8, AI score: 7.1
Exploits: 0, References: 3

vulnersOsv
added 2022/09/16 5:44 p.m., 1 view

cortex-cli (>=2.0.8 <=2.1.1) potentially affected by CVE-2022-36083 via jose-node-cjs-runtime (>=4.10.0 <=4.8.1)

jose-node-cjs-runtime NPM version =4.10.0, =2.0.8, =2.1.1 Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00137
Exploits: 1