@mapbox/vnu-validate-html (=0.1.0), @northernbeat/gulp-tasks (>=1.0.48 <=1.0.50) +32 more potentially affected by CVE-2025-15104 via vnu-jar (>=16.12.27 <=25.12.31)

vnu-jar NPM version =16.12.27, =1.0.48, =1.0.3, =0.9.0, =0.1.1, =0.7.0, =0.1.2, =0.6.0, =8.1.0, =9.1.1, =1.0.0, =1.1.2, =2.0.0 and more Source cves: CVE-2025-15104 Source advisory: OSV:GHSA-FCCG-7W3P-W66F...

CVE-2020-7605

gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options...

CVE-2020-7601

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

EUVD-2025-199149

Malicious code in gulp-inject-envs npm...

ff-build (>=2.4.0 <=2.6.1) potentially affected by unknown CVE via gulp-inject-envs (=1.2.0)

gulp-inject-envs NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on gulp-inject-envs and may be impacted: - ff-build =2.4.0, =2.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191105...

Malicious code in gulp-inject-envs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d230a528331dc71aa1fa5cb1d9fd8146d79d7e92f3aae2efd2ce7c177640b337 The package gulp-inject-envs was found to contain malicious code. Source: ghsa-malware 5dafa09839ea07c586670ac1a302805fb65ffaf32d1641dcab2be569a68231...

MAL-2025-191105 Malicious code in gulp-inject-envs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d230a528331dc71aa1fa5cb1d9fd8146d79d7e92f3aae2efd2ce7c177640b337 The package gulp-inject-envs was found to contain malicious code. Source: ghsa-malware 5dafa09839ea07c586670ac1a302805fb65ffaf32d1641dcab2be569a68231...

ff-build (>=2.4.0 <=2.6.1) potentially affected by unknown CVE via gulp-inject-envs (=1.2.0)

gulp-inject-envs NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on gulp-inject-envs and may be impacted: - ff-build =2.4.0, =2.6.1 Source cves: unknown CVE Source advisory: SNYK:JS-GULPINJECTENVS-14103633...

Malicious code in gulp-cluster-hermes-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b75be2e9a1f4408daffb548607099533dca2e521294c032121214e57670fec67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-180196

Malicious code in avior-gulp-sagitta-ganymede npm...

EUVD-2025-177677

Malicious code in nebula-gulp-bootes-kastra npm...

MAL-2025-187251 Malicious code in gulp-javascript-carpo-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f3fb31d46de531e486584cf860923fbaef0e8a21f7f9233132af1ea5a5ebc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179223

Malicious code in dysonswarm-gulp-dendrochronology-iota npm...

EUVD-2025-178629

Malicious code in gulp-oberon-husky-start npm...

EUVD-2025-180397

Malicious code in apex-gulp-npm-dione npm...

EUVD-2025-178632

Malicious code in gulp-cluster-hermes-backend npm...

Malicious code in umbriel-gulp-sqlite-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a191c64e27e6c7846f4fb786da99ba6ab75ab274a4df6b2b6334a001d7cd9cbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178630

Malicious code in gulp-kinetic-mongodb-astrometry npm...

EUVD-2025-180156

Malicious code in backend-enif-gulp-titan npm...

EUVD-2025-177866

Malicious code in meteor-chalk-blueshift-gulp npm...