114 matches found
CVE-2026-33943
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...
CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...
CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...
CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...
Arbitrary Code Injection
Overview happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection in the ECMAScript module compilation proces...
GHSA-6Q6H-J7HJ-3R64 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...
Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...
MAL-2026-1516 Malicious code in es6-recommended (npm)
The package 'es6-recommended' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in es6-recommended (npm)
The package 'es6-recommended' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
PT-2026-21362
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...
EUVD-2026-1374
Malicious code in sort-imports-es6-autofix npm...
Malicious code in ecmascript-runtime-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2749802bf68a2c601d1c2e22b4a398e096fca7b10d248305df538e8364390259 The package ecmascript-runtime-client was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192409 Malicious code in ecmascript-runtime-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2749802bf68a2c601d1c2e22b4a398e096fca7b10d248305df538e8364390259 The package ecmascript-runtime-client was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-202362
Malicious code in ecmascript-runtime-client npm...
Malicious Package
Overview ecmascript-runtime-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2008-1142
Malware in sbrugna...
EUVD-2015-4498
Malware in sbrugna...
EUVD-2015-4536
Malware in sbrugna...
EUVD-2024-0508
Malicious code in bioql PyPI...
EUVD-2024-40246
Malicious code in bioql PyPI...