434 matches found
Astra Linux - уязвимость в grunt
Path traversal in the GitHub repository gruntjs/grunt before version 1.5.2...
Astra Linux - уязвимость в grunt
The file.copy operations in GruntJS are vulnerable to a TOCTOU race condition, which can lead to arbitrary file writes in the GitHub repository gruntjs/grunt before version 1.5.3. This vulnerability allows for arbitrary file writes that can lead to local privilege escalation to the GruntJS user...
Malicious Package
Overview ig-grunt-file-list is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ig-grunt-release is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
grunt-willitmerge (>=0.2.0 <=1.0.0) potentially affected by CVE-2025-66219 via willitmerge (=0.1.2)
willitmerge NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on willitmerge and may be impacted: - grunt-willitmerge =0.2.0, =1.0.0 Source cves: CVE-2025-66219 Source advisory: SNYK:JS-WILLITMERGE-14135971...
grunt-willitmerge (>=0.2.0 <=1.0.0) potentially affected by CVE-2025-66219 via willitmerge (=0.1.2)
willitmerge NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on willitmerge and may be impacted: - grunt-willitmerge =0.2.0, =1.0.0 Source cves: CVE-2025-66219 Source advisory: OSV:GHSA-J9WJ-M24M-7JJ6...
EUVD-2025-180384
Malicious code in apollo-ini-grunt-radiant npm...
EUVD-2025-179517
Malicious code in cosmos-yonder-grunt-nashira npm...
EUVD-2025-178643
Malicious code in grunt-bellatrix-less-sirius npm...
MAL-2025-187821 Malicious code in lithosphere-changelog-grunt-uglify-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4b28e3e1e6b068cb69bf52bc1258cb4b9e14b392caba44b8a421e3b654326c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189608 Malicious code in spectron-grunt-auth-europa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6cbd342d4b73f3ab91a46f07b5ec0f8fb7ea8893422949f32cb9b9cae1c1dc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in spectron-grunt-auth-europa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6cbd342d4b73f3ab91a46f07b5ec0f8fb7ea8893422949f32cb9b9cae1c1dc1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177104
Malicious code in polaris-wasat-grunt-puppeteer npm...
EUVD-2025-176975
Malicious code in protractor-neptunology-less-grunt npm...
EUVD-2025-178980
Malicious code in exoplanet-boson-readable-grunt npm...
MAL-2025-186365 Malicious code in cosmos-yonder-grunt-nashira (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05ec61cd9ccaae23473fa62ba89bdc0cd77a1cf4c2ad714655057db11196e10b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175562
Malicious code in wezen-mutation-ora-grunt npm...
EUVD-2025-178573
Malicious code in heka-relay-grunt-gammarayburst npm...
EUVD-2025-176553
Malicious code in sagitta-shelljs-halley-grunt npm...
Malicious code in protractor-neptunology-less-grunt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f99a560aedc45e4f26911ef2f432de2beb6f35bacf82bea94cedc3949128db3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...