3 matches found
@adpt/testutils (>=0.1.0-next.1 <=0.4.0-next.6), @lavamoat/git-safe-dependencies (>=0.1.1 <=0.2.1) +6 more potentially affected by CVE-2025-4759 via lockfile-lint-api (>=1.0.7 <=5.9.1)
lockfile-lint-api NPM version =1.0.7, =0.1.0-next.1, =0.1.1, =1.0.0, =4.3.1-test1, =1.3.0, =1.0.1, =4.2.2, =4.3.1, =4.7.0 Source cves: CVE-2025-4759 Source advisory: OSV:GHSA-7CFR-5CJF-32P4...
@lavamoat/git-safe-dependencies (>=0.1.1 <=0.2.1) potentially affected by CVE-2025-4759 via lockfile-lint-api (=5.9.1)
lockfile-lint-api NPM version =5.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on lockfile-lint-api and may be impacted: - @lavamoat/git-safe-dependencies =0.1.1, =0.2.1 Source cves: CVE-2025-4759 Source advisory: SNYK:JS-LOCKFILELINTAPI-10169587...
GHSA-WHPX-Q3RQ-W8JC Hardening of TypedArrays with non-canonical numeric property names in SES
Impact What kind of vulnerability is it? Who is impacted? In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guarantee that objects are pure or immutable, so ...