GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Malicious code in korea-administrative-area-geo-json-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3e5fc5ac9320c5c6de500011362abf25bbbebf4427f272bef9a58fa0d5c0f03 The package korea-administrative-area-geo-json-util was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198720

Malicious code in korea-administrative-area-geo-json-util npm...