12 matches found
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350.
Summary: IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2025-57350 DESCRIPTION: The csvtojson package, a tool for...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and code injection [CVE-2025-57350]
Summary: Node.js module csvtojson is used by IBM App Connect Enterprise Certified Container for processing CSV data. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and code injection. This...
Security Bulletin: Multiple Vulnerabilities in IBM Decision Optimization for Cloud Pak for Data (CVE-2025-57350, CVE-2025-53057 and CVE-2025-53066)
Summary: Multiple vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.0. Vulnerability Details: CVEID: CVE-2025-57350 DESCRIPTION: The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype...
EUVD-2025-31040
Malicious code in bioql PyPI...
@adishare/strapi-plugin-import-export-entries (=1.23.2), @aller/svelte-components (=1.5.17) +62 more potentially affected by CVE-2025-57350 via csvtojson (=2.0.10)
csvtojson NPM version =2.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on csvtojson and may be impacted: - @adishare/strapi-plugin-import-export-entries =1.23.2 - @aller/svelte-components =1.5.17 - @arisonadim/strapi-plugin-import-export-entries...
@4geit/rct-data-table-component (>=1.68.0 <=1.103.2), @adishare/strapi-plugin-import-export-entries (=1.23.2) +299 more potentially affected by CVE-2025-57350 via csvtojson (>=0.1.7 <=2.0.10)
csvtojson NPM version =0.1.7, =1.68.0, =0.0.1, =6.1.3, =3.0.1, =3.13.19, =0.0.0, =1.0.0, =0.0.1, =2.0.0, =2.1.0 and more Source cves: CVE-2025-57350 Source advisory: OSV:GHSA-VRW9-G62V-7FMF...
CSVTOJSON has a prototype pollution vulnerability
The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...
GHSA-VRW9-G62V-7FMF CSVTOJSON has a prototype pollution vulnerability
The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...
CVE-2025-57350
The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...
CVE-2025-57350
The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...
CSVTOJSON security vulnerability
CSVTOJSON is a CSV parser by the individual developer Keyang Xiang. A security vulnerability exists in CSVTOJSON versions prior to 2.0.10, which stems from insufficient cleanup of nested header names during parsing by the parserjsonarray component, which could lead to a prototype pollution attack...
CVE-2025-57350
The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...