CVE-2025-59037

CVE-2025-59037 covers DuckDB npm packages where four Node.js packages were briefly compromised with malware: @duckdb/[email protected], @duckdb/[email protected], [email protected], and @duckdb/[email protected]. The malicious versions attempted to interfere with cryptocurrency transactions. DuckDB de...

MAL-2025-46993 Malicious code in @duckdb/node-bindings (npm)

The DuckDB Node.js package @duckdb/node-bindings version 1.3.3 was compromised with malware through a sophisticated phishing attack targeting the DuckDB maintainers. An attacker created a pixel-perfect copy of the npmjs.com website at npmjs.help domain and tricked a maintainer into logging in and...