EUVD-2025-120090

Malicious code in yonder-request-apex-express npm...

@5ht/express (>=1.0.6 <=2.2.0), @audius/sdk (>=0.0.3 <=7.1.1) +7 more potentially affected by CVE-2025-9287 via cipher-base (=1.0.4)

cipher-base NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on cipher-base and may be impacted: - @5ht/express =1.0.6, =0.0.3, =6.0.4, =1.0.1, =1.5.2-beta.1, =1.0.0, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.11 Source cves: CVE-2025-9287 Sourc...

Malicious code in exrpess (npm)

The package exrpess was found to contain malicious code...

Malicious code in express-hermes-quasar-puppeteer (npm)

The package express-hermes-quasar-puppeteer was found to contain malicious code...

MAL-2025-20101 Malicious code in exrpess (npm)

The package exrpess was found to contain malicious code...

7ghost-cli (>=1.17.6-next.0 <=1.18.4), @5ht/express (>=1.0.6 <=2.2.0) +628 more potentially affected by CVE-2025-7783 via form-data (>=3.0.0 <=3.0.3)

form-data NPM version =3.0.0, =1.17.6-next.0, =1.0.6, =1.0.0, =0.12.4, =1.1.3, =1.9.19, =1.1.0, =1.18.0, =2.13.1, =1.1.0, =10.1.0, =1.0.0, =1.9.2, =2.1.4 and more Source cves: CVE-2025-7783 Source advisory: OSV:GHSA-FJXV-7RQG-78G4...

nodejs:14 security, bug fix, and enhancement update

An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform f...

Malicious code in internal_crypto_express_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06c69db72707e6766450753f29b6bb428f55c0717b1299f0453c9259d92eb613 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...