15 matches found
MAL-2025-23896 Malicious code in jquery-double-tap-to-go (npm)
The package jquery-double-tap-to-go was found to contain malicious code...
Ubuntu: Security Advisory (USN-7622-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Security Bulletin: Vulnerabilities in the jquery-1.10.0.js package affect Data Replication on Cloud Pak for Data
Summary: Multiple vulnerabilities in the jquery-1.10.0.js package used in Data Replication on Cloud Pak for Data were addressed. Vulnerability Details: CVEID: CVE-2020-11023. DESCRIPTION: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from...
Ubuntu: Security Advisory (USN-7246-1)
The remote host is missing an update for the...
AZL-52587 CVE-2024-21538 affecting package js-jquery 3.5.0-4
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4. A patched version of the package is available...
AZL-43867 CVE-2023-26115 affecting package js-jquery 3.5.0-4
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable...
AZL-43717 CVE-2022-25883 affecting package js-jquery 3.5.0-4
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
AZL-44541 CVE-2022-37598 affecting package js-jquery 3.5.0-4
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
AZL-44964 CVE-2020-8203 affecting package js-jquery 3.5.0-4
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20...
AZL-47271 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
Debian: Security Advisory (DLA-1777-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
AZL-43792 CVE-2017-16137 affecting package js-jquery 3.5.0-4
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...
AZL-44502 CVE-2016-10540 affecting package js-jquery 3.5.0-4
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...