Nodejs Squirrelly - Remote Code Execution
Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...
MAL-2026-1106 Malicious code in expressjs-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c3397ee6d6f62a99d9c9e5610fa1bcf756e7a58ee90c8997b60c73a642b98a1 The package expressjs-lint was found to contain malicious code. Source: ghsa-malware 841065e5ca8d5b64f5b09bd37c92a9d8c52d7fa2a5e52cf0f24737700853f7b7...
Malicious code in expressjs-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c3397ee6d6f62a99d9c9e5610fa1bcf756e7a58ee90c8997b60c73a642b98a1 The package expressjs-lint was found to contain malicious code. Source: ghsa-malware 841065e5ca8d5b64f5b09bd37c92a9d8c52d7fa2a5e52cf0f24737700853f7b7...
Malicious Package
Overview expressjs-lint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-20097 Malicious code in expressjs-mynodeutils (npm)
The package expressjs-mynodeutils was found to contain malicious code...
Malicious code in expressjs-mynodeutils (npm)
The package expressjs-mynodeutils was found to contain malicious code...
CVE-2021-32819
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
Security Bulletin: Vulnerability in expressjs express affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs express has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in expressjs serve-static affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs serve-static has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional...
Security Bulletin: Vulnerability in expressjs body-parser affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs body-parser has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional informatio...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a phishing attack due to the ExpressJS package (CVE-2024-29041)
Summary ExpressJS is used by IBM DataStage on Cloud Pak for Data as part of the web application framework. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in expressjs body-parser (CVE-2024-45590)
Summary A vulnerability in expressjs body-parser that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43800)
Summary There is a vulnerability in expressjs serve-static used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and server-side request forgery [CVE-2024-45590] [CVE-2024-39338]
Summary Node.js modules expressjs and axios are used by IBM App Connect Enterprise Certified Container for making and responding to HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and server-side request forgery. This bulletin...
Security Bulletin: A vulnerability in Nest affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45590).
Summary A vulnerability in Nest affects IBM Robotic Process Automation and may result in a denial of service. Nest is used by IBM Robotic Process Automation as part of its server side application framework. This bulletin identifies the security fix to apply to address the vulnerability...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-45590)
Summary There is a vulnerability in expressjs body-parser used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerabl...
Security Bulletin: Vulnerability in expressjs body-parser affects IBM Spectrum Control
Summary expressjs body-parser is vulnerable to a denial of service attack. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending ...
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 1.285.0 Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the...
Malicious code in @ciam-expressjs-vanilla-samples/shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cc28deadcf9235665f79c65d92ca7684f27361c14efa6bcd44ad82b40947b9df The OpenSSF Package Analysis project identified '@ciam-expressjs-vanilla-samples/shared' @ 1.0.1 npm as malicious. It is considered malicious...
Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...