Lucene search
+L

231 matches found

EUVD
EUVD
added 2025/11/11 12:41 a.m.1 views

EUVD-2025-55177

Malicious code in conventional-jade-pig npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 12:41 a.m.4 views

EUVD-2025-55176

Malicious code in conventional-red-piranha npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 12:41 a.m.0 views

EUVD-2025-55175

Malicious code in conventional-yellow-octopus npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:41 a.m.2 views

Malicious code in conventional-red-piranha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 814aa4f0dfc74d0fefe9c5ac4ebfe61e0fc891e5368bc14191c2017623391dfb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 12:41 a.m.1 views

EUVD-2025-55178

Malicious code in conventional-emerald-hamster npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:41 a.m.2 views

Malicious code in conventional-coral-piranha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9594abe83e004cb8eaf79d29b2d47e8ad4d2fd601a175915fa3e479acf2cb4b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 12:41 a.m.1 views

EUVD-2025-55179

Malicious code in conventional-coral-piranha npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/10 6:2 p.m.1 views

EUVD-2025-50484

Malicious code in conventionalsnakez3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-53778

Malicious code in bioql PyPI...

7.2AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2025/09/22 8:15 p.m.31 views

CVE-2025-59433

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

5.3CVSS0.00202EPSS
Exploits0References2
OSV
OSV
added 2025/09/22 7:14 p.m.8 views

CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

5.3CVSS7.2AI score0.00202EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/09/22 6:1 p.m.9 views

@akala/semantic-release (>=2.0.11 <=3.0.62), @blinkbooks/types (>=1.0.5 <=1.0.43) +32 more potentially affected by CVE-2025-59433 via @conventional-changelog/git-client (=1.0.1)

@conventional-changelog/git-client NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @conventional-changelog/git-client and may be impacted: - @akala/semantic-release =2.0.11, =1.0.5, =4.0.0, =1.19.0, =2.10.0, =1.0.0, =1.0.0, =11.0.0,...

5.3CVSS5.7AI score0.00202EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/22 6:1 p.m.11 views

@conventional-changelog/git-client has Argument Injection vulnerability

Background on exploitation This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library - getRawCommits there are secure practices taken to ensure that the extra parameter path is unable to inje...

5.3CVSS7.5AI score0.00202EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.8 views

PT-2025-39067

Name of the Vulnerable Software and Affected Versions Conventional Changelog versions prior to 2.0.0 Description The @conventional-changelog/git-client library, versions prior to 2.0.0, contains a flaw in the getTags API that allows for argument injection into the git log command. This occurs...

5.3CVSS7AI score0.00202EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.5 views

Conventional Changelog 参数注入漏洞

Conventional Changelog is an open source update log generation tool from Conventional Changelog. A parameter injection vulnerability exists in Conventional Changelog versions prior to 2.0.0 that stems from not cleaning or validating user input in the getTags API, which could lead to a parameter...

5.3CVSS6.9AI score0.00202EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.4 views

Malicious code in procyon-cz-conventional-changelog-lynx-fetch (npm)

The package procyon-cz-conventional-changelog-lynx-fetch was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.3 views

Malicious code in rollup-plugin-markdownlint-cz-conventional-changelog-altair (npm)

The package rollup-plugin-markdownlint-cz-conventional-changelog-altair was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.6 views

Malicious code in augmentedreality-cz-conventional-changelog-elektra-bellatrix (npm)

The package augmentedreality-cz-conventional-changelog-elektra-bellatrix was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.3 views

Malicious code in node-sass-cz-conventional-changelog-foundation-nashira (npm)

The package node-sass-cz-conventional-changelog-foundation-nashira was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/09/05 5:10 p.m.3 views

MAL-2025-45905 Malicious code in rollup-plugin-markdownlint-cz-conventional-changelog-altair (npm)

The package rollup-plugin-markdownlint-cz-conventional-changelog-altair was found to contain malicious code...

7AI score
Exploits0
Rows per page
Query Builder