65 matches found
ROOT-APP-NPM-CVE-2024-29415 CVE-2024-29415 in @rootio/ip - Patched by Root
Root has patched CVE-2024-29415 in the @rootio/ip package for Root:npm. Multiple fixed versions available...
Malicious code in demo-ip-package-cm (npm)
Source: amazon-inspector 756fbc97ea8b65830898805513bede65c955e6ae300a4d19574e984d17615b37 The package demo-ip-package-cm was found to contain malicious code. Source: ghsa-malware...
Malicious code in demo-ip-package (npm)
Source: amazon-inspector 94f9378de5524843952c850c47aae7cc5373145c2b41032b764da720e9a0656f The package demo-ip-package was found to contain malicious code. Source: ghsa-malware 9377708b245cac5b751ac6dc75d9218b993bcb4cebed6f2049a542868f5df31...
MAL-2026-1197 Malicious code in demo-ip-package-cm (npm)
Source: amazon-inspector 756fbc97ea8b65830898805513bede65c955e6ae300a4d19574e984d17615b37 The package demo-ip-package-cm was found to contain malicious code. Source: ghsa-malware...
Atlassian Confluence < 9.2.6 / 9.3.x < 9.4.0 / < 9.4.0 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 / 10.1.0 (CONFSERVER-101488)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101488 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable...
Security Bulletin: Astronomer with IBM is vulnerable to server-side request forgery due to the node-ip package (CVE-2025-59436, CVE-2025-59437)
Summary: Node-ip is used by Astronomer with IBM as part of IP address processing functionality. Vulnerability Details: CVEID: CVE-2025-59436. DESCRIPTION: The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Server-Side Request Forgery (SSRF) due to ip
Summary: ip is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime. Vulnerability Details: CVEID: CVE-2024-29415. DESCRIPTION: The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and...
EUVD-2021-0751
Malware in sbrugna...
EUVD-2025-29357
Malicious code in bioql PyPI...
EUVD-2025-29356
Malicious code in bioql PyPI...
EUVD-2024-1886
Malicious code in bioql PyPI...
CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
Linux Distros Unpatched Vulnerability : CVE-2025-59436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via...
Linux Distros Unpatched Vulnerability : CVE-2025-59437
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOT...
DEBIAN-CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
CVE-2025-59436
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...
CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
CVE-2025-59436
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...
UBUNTU-CVE-2025-59436
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...
CVE-2025-59436
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...