SUSE CVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

GHSA-6C59-MWGH-R2X6 JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

EUVD-2025-206486

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

CVE-2025-61140

The CVE-2025-61140 entry concerns jsonpath version 1.1.1, where the value function in lib/index.js is vulnerable to Prototype Pollution. This is documented across multiple sources (GitHub advisory, OSV/NVD entries, and Red Hat advisories) and is categorized with a critical CVSS score. The vulnera...

EUVD-2021-0600

Malware in sbrugna...

CVE-2020-7785

This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js...

CVE-2020-7785 Command Injection

This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js...

CVE-2020-7794

CVE-2020-7794 affects all versions of the buns package. The injection point is in lib/index.js:678 inside the exported function install(requestedModule). This enables command injection via crafted input; PoC and advisory details indicate insecure use of exec leading to arbitrary code execution. T...