231 matches found
EUVD-2025-55177
Malicious code in conventional-jade-pig npm...
EUVD-2025-55176
Malicious code in conventional-red-piranha npm...
EUVD-2025-55175
Malicious code in conventional-yellow-octopus npm...
Malicious code in conventional-red-piranha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 814aa4f0dfc74d0fefe9c5ac4ebfe61e0fc891e5368bc14191c2017623391dfb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-55178
Malicious code in conventional-emerald-hamster npm...
Malicious code in conventional-coral-piranha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9594abe83e004cb8eaf79d29b2d47e8ad4d2fd601a175915fa3e479acf2cb4b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-55179
Malicious code in conventional-coral-piranha npm...
EUVD-2025-50484
Malicious code in conventionalsnakez3n npm...
EUVD-2024-53778
Malicious code in bioql PyPI...
CVE-2025-59433
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
@akala/semantic-release (>=2.0.11 <=3.0.62), @blinkbooks/types (>=1.0.5 <=1.0.43) +32 more potentially affected by CVE-2025-59433 via @conventional-changelog/git-client (=1.0.1)
@conventional-changelog/git-client NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @conventional-changelog/git-client and may be impacted: - @akala/semantic-release =2.0.11, =1.0.5, =4.0.0, =1.19.0, =2.10.0, =1.0.0, =1.0.0, =11.0.0,...
@conventional-changelog/git-client has Argument Injection vulnerability
Background on exploitation This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library - getRawCommits there are secure practices taken to ensure that the extra parameter path is unable to inje...
PT-2025-39067
Name of the Vulnerable Software and Affected Versions Conventional Changelog versions prior to 2.0.0 Description The @conventional-changelog/git-client library, versions prior to 2.0.0, contains a flaw in the getTags API that allows for argument injection into the git log command. This occurs...
Conventional Changelog 参数注入漏洞
Conventional Changelog is an open source update log generation tool from Conventional Changelog. A parameter injection vulnerability exists in Conventional Changelog versions prior to 2.0.0 that stems from not cleaning or validating user input in the getTags API, which could lead to a parameter...
Malicious code in procyon-cz-conventional-changelog-lynx-fetch (npm)
The package procyon-cz-conventional-changelog-lynx-fetch was found to contain malicious code...
Malicious code in rollup-plugin-markdownlint-cz-conventional-changelog-altair (npm)
The package rollup-plugin-markdownlint-cz-conventional-changelog-altair was found to contain malicious code...
Malicious code in augmentedreality-cz-conventional-changelog-elektra-bellatrix (npm)
The package augmentedreality-cz-conventional-changelog-elektra-bellatrix was found to contain malicious code...
Malicious code in node-sass-cz-conventional-changelog-foundation-nashira (npm)
The package node-sass-cz-conventional-changelog-foundation-nashira was found to contain malicious code...
MAL-2025-45905 Malicious code in rollup-plugin-markdownlint-cz-conventional-changelog-altair (npm)
The package rollup-plugin-markdownlint-cz-conventional-changelog-altair was found to contain malicious code...