371 matches found
EUVD-2022-1677
Malicious code in bioql PyPI...
EUVD-2023-2840
Malicious code in bioql PyPI...
@afif_hh/composable (=1.0.2), @afif_hh/ui_components (>=1.0.5 <=1.0.30) +24 more potentially affected by CVE-2025-57325 via rollbar (>=2.10.0 <=2.26.4)
rollbar NPM version =2.10.0, =1.0.5, =1.0.0, =0.0.5, =0.0.2-beta.1, =0.5.4, =0.8.0, =2.0.0, =0.60.1, =0.20.0-beta.4, =1.0.0, =48.0.0, =1.0.0, =1.0.3 - bnjuilopjhgthtyi =99.99.99 and more Source cves: CVE-2025-57325 Source advisory: SNYK:JS-ROLLBAR-13110036...
CVE-2025-57328
toggle-array is a package designed to enable a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on...
messageformat security vulnerability
messageformat is an open source ICU message format and Unicode message format library for JavaScript. A security vulnerability exists in messageformat versions prior to 3.0.1, which stems from insufficient validation of nested message keys and could lead to a prototype pollution atta...
Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2021-23450
Summary: The tape library web GUI used an outdated version of the JavaScript library dojo.js containing a prototype pollution vulnerability. This could potentially be leveraged to facilitate XSS attacks in the browser, or, if executed server-side, to enable remote code execution. The issue has bee...
GHSA-G38C-WXJF-XRH6 `git-comiters` Command Injection vulnerability
Background on the vulnerability: This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback), which allows specifying options such as cwd for current working directory and revisionRange as a revision pointer, such as HEAD. However, the library does not saniti...
Malicious code in javascript-auth0-selenology-blaze (npm)
The package javascript-auth0-selenology-blaze was found to contain malicious code...
libmozjs-128-0-128.14.0-1.1 on GA media (moderate)
libmozjs-128-0-128.14.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15494-1 Rating: moderate Cross-References: CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185 CVSS scores: CVE-2025-9179 SUSE : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-9180 SUSE : 8.1...
CVE-2025-57810
CVE-2025-57810 affects the jsPDF library. The issue arises when user control of the first argument to addImage allows untrusted image data/URLs to trigger high CPU usage, leading to denial of service. This vulnerability is present in versions prior to 3.0.2 and was fixed in jsPDF 3.0.2. Impact is...
PT-2025-34787 · Jspdf · Jspdf
Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 3.0.2. Description: jsPDF is a JavaScript library used to generate PDFs. Prior to version 3.0.2, user control over the first argument of the addImage method can lead to high CPU utilization and denial of service...
Ubuntu 20.04 LTS : qs vulnerability (USN-7693-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7693-1 advisory. Nathanael Braun and Johan Brissaud discovered that qs was vulnerable to prototype pollution. A remote attacker could possibly use this issue to cause a denial of...
MAL-2025-11679 Malicious code in @zalastax/nolb-googlef (npm)
The package @zalastax/nolb-googlef was found to contain malicious code...
MAL-2025-23581 Malicious code in jadwal-liga-inggris (npm)
The package jadwal-liga-inggris was found to contain malicious code...
MAL-2025-17272 Malicious code in coinrider (npm)
The package coinrider was found to contain malicious code...
MAL-2025-16054 Malicious code in bpi39 (npm)
The package bpi39 was found to contain malicious code...
MAL-2025-12072 Malicious code in @zalastax/nolb-jso- (npm)
The package @zalastax/nolb-jso- was found to contain malicious code...
MAL-2025-21104 Malicious code in gaaaaaam (npm)
The package gaaaaaam was found to contain malicious code...
MAL-2025-14733 Malicious code in appointment-widget (npm)
The package appointment-widget was found to contain malicious code...
MAL-2025-19196 Malicious code in ecosystem-iris-eab640-project (npm)
The package ecosystem-iris-eab640-project was found to contain malicious code...