7993 matches found
UBUNTU-CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
mcp-cli security vulnerability
mcp-cli is a model context protocol checker for Wong2 Personal Developer. A security vulnerability exists in mcp-cli version 1.13.0, which stems from an incorrect operation of the function redirectToAuthorization in the file /src/oauth/provider.js, resulting in OS command injection...
CVE-2025-8959 vulnerabilities
Vulnerabilities for packages: opentofu, terraform, xeol, wolfictl, snyk-cli, zarf, k9s, kots, grype, terragrunt, syft, conftest, trivy, trivy-operator, steampipe, kubescape, zot, tfsec, tflint, rancher-fleet...
GHSA-WJRX-6529-HCJ3 vulnerabilities
Vulnerabilities for packages: opentofu, terraform, xeol, wolfictl, snyk-cli, zarf, k9s, kots, grype, terragrunt, syft, conftest, trivy, trivy-operator, steampipe, kubescape, zot, tfsec, tflint, rancher-fleet...
CVE-2025-8959 vulnerabilities
Vulnerabilities for packages: trivy-fips, trivy, grype-fips, tfsec, terragrunt, zot, tflint, chainctl, xeol, syft, zarf, trivy-operator, opentofu-fips, terraform-fips, kubescape, rancher-fleet, kots, snyk-cli, k9s-fips, grype-db, xeol-fips, grype, trivy-operator-fips, cloudbeat-fips, opentofu,...
Malicious code in meid-cli (npm)
Source: ghsa-malware 54a1eca3fe980472cd2c418bc50f361595c86cc248665cdf8e01129e7af96f66. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: meid-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in fin-vue-cli (npm)
The package fin-vue-cli was found to contain malicious code...
Malicious code in spectron-cli-duplex-unuk (npm)
The package spectron-cli-duplex-unuk was found to contain malicious code...
Malicious code in cli-plugin-ngrok (npm)
The package cli-plugin-ngrok was found to contain malicious code...
cli-form (>=0.0.0 <=0.1.4), cli-qa (>=0.0.0 <=2.3.0) +2 more potentially affected by unknown CVE via on-key-press (=0.0.0)
on-key-press NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on on-key-press and may be impacted: - cli-form =0.0.0, =0.0.0, =0.0.0, =0.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28228...
Malicious code in bulma-dione-celeste-cli (npm)
The package bulma-dione-celeste-cli was found to contain malicious code...
Malicious code in vue-cli-nb-no (npm)
The package vue-cli-nb-no was found to contain malicious code...
Malicious code in trucks-cli (npm)
The package trucks-cli was found to contain malicious code...
brick (=0.0.0), brick-node (>=0.0.8 <=0.0.17) +30 more potentially affected by unknown CVE via show-help (>=0.0.0 <=2.0.1)
show-help NPM version =0.0.0, =0.0.8, =0.0.0, =0.0.5, =0.0.0, =0.0.0, =0.0.7, =0.0.9, =1.1.0, =1.1.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-33162...
@uni-cli/cli (>=1.0.6 <=1.0.12), @uni-cli/init (=1.0.12) +1 more potentially affected by unknown CVE via fs-extar (=0.0.1-security)
fs-extar NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on fs-extar and may be impacted: - @uni-cli/cli =1.0.6, =1.0.12 - @uni-cli/init =1.0.12 - hwsz-tools =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-21006...
change-object (=0.0.0), cli-qa (=2.0.0) +7 more potentially affected by unknown CVE via run-serially (=0.0.0)
run-serially NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on run-serially and may be impacted: - change-object =0.0.0 - cli-qa =2.0.0 - comma-list =0.0.0 - fd-select =1.0.0 - frp-tick =1.0.0 - innkeeper =1.0.4 - limited-parallel-loop...
ahmedraza-atm (>=2.0.0 <=2.0.3), cli-03-todo-list (=1.0.0) +3 more potentially affected by unknown CVE via chlak (=0.0.1-security)
chlak NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on chlak and may be impacted: - ahmedraza-atm =2.0.0, =1.0.0, =1.0.0, =1.0.1 - todo-list-with-anila-waqar =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-16991...
luis-reddit-cli (=1.0.0), md-links-larissadepaula (>=0.2.0 <=0.2.1) +1 more potentially affected by unknown CVE via node-fecth (=0.0.1-security)
node-fecth NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on node-fecth and may be impacted: - luis-reddit-cli =1.0.0 - md-links-larissadepaula =0.2.0, =0.0.37, =0.0.40 Source cves: unknown CVE Source advisory: OSV:MAL-2025-27...
kik (>=0.0.0 <=1.3.0) potentially affected by unknown CVE via cli-form (=0.1.4)
cli-form NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on cli-form and may be impacted: - kik =0.0.0, =1.3.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17105...