@antv/d3-interpolate (>=1.0.2 <=1.0.3), @antv/g-base (=0.5.13) +1 more potentially affected by unknown CVE via @antv/d3-color (=1.0.0)

@antv/d3-color NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/d3-color and may be impacted: - @antv/d3-interpolate =1.0.2, =1.0.3 - @antv/g-base =0.5.13 - @yogeshcl/g6-react-ba =0.0.6 Source cves: unknown CVE Source advisory:...

Malicious code in @antv/d3-color (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@antv/g-base (=0.5.13), @yogeshcl/g6-react-ba (=0.0.6) potentially affected by unknown CVE via @antv/d3-interpolate (=1.0.3)

@antv/d3-interpolate NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/d3-interpolate and may be impacted: - @antv/g-base =0.5.13 - @yogeshcl/g6-react-ba =0.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3866...

MAL-2026-3866 Malicious code in @antv/d3-interpolate (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

CVE-2016-10946

The wp-d3 plugin before 2.4.1 for WordPress has CSRF...

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary d3-color and brace-expansion vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.3.0. Those libraries are used in the UI components of IBM Business Automation Manager Open Editions. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was fou...

EUVD-2016-1937

Malware in sbrugna...

EUVD-2019-6431

Malware in sbrugna...

EUVD-2025-3494

Malicious code in bioql PyPI...

EUVD-2025-31068

Malicious code in bioql PyPI...

Prototype Pollution

Overview dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values, which may result ...

@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @airmix/mcp-excalidraw-server (=1.0.6) +297 more potentially affected by CVE-2025-57347 via dagre-d3-es (>=7.0.10 <=7.0.11)

dagre-d3-es NPM version =7.0.10, =0.18.0-beta.0, =0.17.0-alkemio-1, =1.0.0, =0.18.3, =0.18.0, =0.0.1-BETA, =0.18.1, =1.1.4, =0.0.1, =0.15.0, =0.17.1, =0.17.2 - @changmao/reveal-md =6.1.4-chanmao0.0 and more Source cves: CVE-2025-57347 Source advisory: SNYK:JS-DAGRED3ES-13110069...

Prototype Pollution

Overview org.webjars.npm:dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values,...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

dagre-d3-es 安全漏洞

dagre-d3-es is a js library by Teebo Personal Developers. A security vulnerability exists in dagre-d3-es versions prior to 7.0.11, which stems from the addConflict function of the bk module not properly cleaning up user input, which could lead to a prototype contamination attack...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

PT-2025-39322

Name of the Vulnerable Software and Affected Versions dagre-d3-es versions prior to 7.0.11 Description A flaw exists in the 'dagre-d3-es' Node.js package within the 'bk' module’s addConflict function. The issue stems from inadequate input sanitization during property assignment, allowing prototyp...

CVE-2025-57347

CVE-2025-57347 affects the Node.js package dagre-d3-es (v7.0.9 affected; patched in newer releases). The vulnerability resides in the bk module’s addConflict() where user input is not properly sanitized during property assignment, enabling prototype pollution via inputs like proto . This can poll...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...