EUVD-2025-113724

Malicious code in express-module-dione-json npm...

Malicious code in express-module-dione-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 746ff1eacfa26ef921d0bf5f4c8534d65842edc5283b1a692ecb6d1364145442 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2012-5675

Malware in sbrugna...

Security Bulletin: Security vulnerability in Node.js module affects IBM Business Process Manager (BPM) Configuration Editor (CVE-2015-1164)

Summary A security vulnerability has been reported for a dependent Node.js module "express". CVE-2015-1164 affects IBM Business Process Manager BPM because IBM BPM includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology. Vulnerability...

AZL-44892 CVE-2017-16119 affecting package nodejs-nodemon 2.0.3-5

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

CVE-2012-5795

The CVE-2012-5795 issue concerns the PayPal Express module in osCommerce failing to verify that the server hostname matches a domain name in the certificate’s CN or SAN. This enables MITM-style spoofing of SSL servers using an arbitrary valid certificate. Affected component: PayPal Express integr...