4 matches found
@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2025-68278 via @tinacms/cli (>=0.60.28 <=1.12.6)
@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2025-68278 Source advisory: OSV:GHSA-529F-9QWM-9628...
@asyncapi/cli (>=1.4.0 <=2.16.7) potentially affected by unknown CVE via @asyncapi/studio (=0.20.2)
@asyncapi/studio NPM version =0.20.2 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/studio and may be impacted: - @asyncapi/cli =1.4.0, =2.16.7 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190863...
windmill-cli (>=0.0.1 <=0.0.13) potentially affected by CVE-2025-55152 via @oakserver/oak (>=12.6.2 <=14.1.0)
@oakserver/oak NPM version =12.6.2, =0.0.1, =0.0.13 Source cves: CVE-2025-55152 Source advisory: SNYK:JS-OAKSERVEROAK-11735294...
DependencyCheck Log Information Disclosure Vulnerability
DependencyCheck is a software composition analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained in project dependencies. A security vulnerability exists in DependencyCheck. An attacker exploited the vulnerability to recover NVD API keys from log files. The following...