@certd/commercial-core (>=1.25.9 <=1.39.13), @certd/lib-server (>=1.36.25 <=1.39.13) +32 more potentially affected by CVE-2025-62595 via koa (=2.16.2)

koa NPM version =2.16.2 is affected by a known vulnerability. The following packages have a transitive dependency on koa and may be impacted: - @certd/commercial-core =1.25.9, =1.36.25, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.19.3, =3.20.11,...

@certd/commercial-core (>=1.25.9 <=1.39.13), @certd/lib-server (>=1.36.25 <=1.39.13) +32 more potentially affected by CVE-2025-62595 +1 more via koa (=2.16.2)

koa NPM version =2.16.2 is affected by a known vulnerability. The following packages have a transitive dependency on koa and may be impacted: - @certd/commercial-core =1.25.9, =1.36.25, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.19.3, =3.20.11,...

@dm3-org/delivery-service (>=1.4.0 <=1.7.1), @dm3-org/dm3-backend (>=1.0.1 <=1.7.1) +18 more potentially affected by unknown CVE via @dm3-org/dm3-lib-shared (>=1.0.6 <=1.7.2)

@dm3-org/dm3-lib-shared NPM version =1.0.6, =1.4.0, =1.0.1, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =0.0.1-alpha1, =1.0.5, =1.4.0, =1.0.0, =1.0.7 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-3713...

Buffer overflow

In MicroHttpServer aka Micro HTTP Server through a8ab029, ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI...

MAL-2022-1543 Malicious code in bfx-lib-server-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99dd5c11acfbc3d05c335cec97025ce9519b1a3ddf7ca73f89fdb85b8a112487 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...