browserstack-tape-runner (>=1.0.0 <=3.0.0), duplo (>=1.6.11 <=1.9.1) +4 more potentially affected by CVE-2026-49143 via browserstack-runner (>=0.2.1 <=0.9.4)

browserstack-runner NPM version =0.2.1, =1.0.0, =1.6.11, =0.1.4, =0.1.1, =2.0.2 - run-browserstack-tests =1.0.2 - yasmf-localization =0.0.2 Source cves: CVE-2026-49143 Source advisory: OSV:GHSA-6VR3-7WCX-V5G5...

Astra Linux - уязвимость в grunt

Path traversal in the GitHub repository gruntjs/grunt before version 1.5.2...

Astra Linux - уязвимость в grunt

The file.copy operations in GruntJS are vulnerable to a TOCTOU race condition, which can lead to arbitrary file writes in the GitHub repository gruntjs/grunt before version 1.5.3. This vulnerability allows for arbitrary file writes that can lead to local privilege escalation to the GruntJS user...

Malicious Package

Overview ig-grunt-file-list is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview ig-grunt-release is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

grunt-willitmerge (>=0.2.0 <=1.0.0) potentially affected by CVE-2025-66219 via willitmerge (=0.1.2)

willitmerge NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on willitmerge and may be impacted: - grunt-willitmerge =0.2.0, =1.0.0 Source cves: CVE-2025-66219 Source advisory: OSV:GHSA-J9WJ-M24M-7JJ6...

grunt-willitmerge (>=0.2.0 <=1.0.0) potentially affected by CVE-2025-66219 via willitmerge (=0.1.2)

willitmerge NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on willitmerge and may be impacted: - grunt-willitmerge =0.2.0, =1.0.0 Source cves: CVE-2025-66219 Source advisory: SNYK:JS-WILLITMERGE-14135971...

EUVD-2025-177104

Malicious code in polaris-wasat-grunt-puppeteer npm...

EUVD-2025-179517

Malicious code in cosmos-yonder-grunt-nashira npm...

EUVD-2025-178061

Malicious code in lithosphere-changelog-grunt-uglify-js npm...

Malicious code in grus-pipe-websockets-grunt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e908ab5a9f1588062bc9ccd9e3447dc656308f6a5f76ad9232116d8165cebad8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spectron-grunt-auth-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6cbd342d4b73f3ab91a46f07b5ec0f8fb7ea8893422949f32cb9b9cae1c1dc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176267

Malicious code in spectron-grunt-auth-europa npm...

EUVD-2025-175562

Malicious code in wezen-mutation-ora-grunt npm...

EUVD-2025-176975

Malicious code in protractor-neptunology-less-grunt npm...

EUVD-2025-177853

Malicious code in meteor-octans-grunt-kuiperbelt npm...

EUVD-2025-178643

Malicious code in grunt-bellatrix-less-sirius npm...

EUVD-2025-178637

Malicious code in grus-pipe-websockets-grunt npm...

EUVD-2025-178573

Malicious code in heka-relay-grunt-gammarayburst npm...

EUVD-2025-178437

Malicious code in impulse-holography-grunt-sequelize npm...