EUVD-2025-31068

Malicious code in bioql PyPI...

@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @airmix/mcp-excalidraw-server (=1.0.6) +336 more potentially affected by CVE-2025-57347 via dagre-d3-es (>=7.0.10 <=7.0.11)

dagre-d3-es NPM version =7.0.10, =0.18.0-beta.0, =0.17.0-alkemio-1, =1.0.0, =0.18.3, =0.18.0, =0.0.1-BETA, =0.18.1, =1.1.4, =0.0.1, =0.15.0, =0.17.1, =0.17.2 - @changmao/reveal-md =6.1.4-chanmao0.0 and more Source cves: CVE-2025-57347 Source advisory: SNYK:JS-DAGRED3ES-13110069...

Prototype Pollution

Overview dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values, which may result ...

Prototype Pollution

Overview org.webjars.npm:dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values,...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

dagre-d3-es 安全漏洞

dagre-d3-es is a js library by Teebo Personal Developers. A security vulnerability exists in dagre-d3-es versions prior to 7.0.11, which stems from the addConflict function of the bk module not properly cleaning up user input, which could lead to a prototype contamination attack...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...

CVE-2025-57347

CVE-2025-57347 affects the Node.js package dagre-d3-es (v7.0.9 affected; patched in newer releases). The vulnerability resides in the bk module’s addConflict() where user input is not properly sanitized during property assignment, enabling prototype pollution via inputs like proto . This can poll...

PT-2025-39322

Name of the Vulnerable Software and Affected Versions dagre-d3-es versions prior to 7.0.11 Description A flaw exists in the 'dagre-d3-es' Node.js package within the 'bk' module’s addConflict function. The issue stems from inadequate input sanitization during property assignment, allowing prototyp...

CVE-2025-57347

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution...