Malicious code in xp-anti-fraud-js-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f4628140ad8ca2bfe8fde97530e932f9f26df49b3841157bc7f8aa50535e77f7 The OpenSSF Package Analysis project identified 'xp-anti-fraud-js-lib...
HTTP Parameter Pollution
form-data is vulnerable to HTTP Parameter Pollution (HPP). The vulnerability is due to the use of weak randomness in generating boundary values in lib/formdata.js, which allows an attacker to perform HTTP Parameter Pollution (HPP) by manipulating form data...
batata-lib (>=0.1.7 <=0.1.8), boosty-downloader (>=1.0.0 <=3.0.0) +76 more potentially affected by CVE-2025-54072 via yt-dlp (>=2025.10.14 <=2025.6.9)
yt-dlp PYPI version =2025.10.14, =0.1.7, =1.0.0, =0.0.2, =0.1.16, =0.4.3, =0.0.2.2, =0.1.0, =3.2.0, =3.4.2 and more Source cves: CVE-2025-54072 Source advisory: SNYK:PYTHON-YTDLP-10878169...
MAL-2025-191683 Malicious code in aphorism-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95f15b2b497431703ff51667a4055e8172f9202aeeea0f725b0b0550812f3299 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...
CVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/formdata.js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
Slackware: Security Advisory (SSA:2025-196-02)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious code in dt-retag-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d21deb5c26c8d9b0043ce26b0fe5ec1625607ab1e1c37102589f92ab7187364 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fe-lib-localstorage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2248551164f3d70ada0fcc43237796170d7613eb7bce9bcbd718d78b64262f9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fe-lib-store (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f305a62f895c51f453506e8a82753487edc589bb9dc03f1ad92dbc3b4e64dc37 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5689 Malicious code in fe-lib-localstorage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2248551164f3d70ada0fcc43237796170d7613eb7bce9bcbd718d78b64262f9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5690 Malicious code in fe-lib-store (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f305a62f895c51f453506e8a82753487edc589bb9dc03f1ad92dbc3b4e64dc37 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pricing-simulator-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5c1139ad289202a8351450be1d1d9c57ca94946b8d066fbee4fa70796cc7853 Any computer that has this package installed or running should be considered...
MAL-2025-5822 Malicious code in pricing-simulator-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5c1139ad289202a8351450be1d1d9c57ca94946b8d066fbee4fa70796cc7853 Any computer that has this package installed or running should be considered...
Malicious code in company-secret-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c27b257298761ee280760199b503ca3be60adbaf8ab92e36479e291e33db1b0a Any computer that has this package installed or running should be considered...
MAL-2025-5381 Malicious code in company-secret-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c27b257298761ee280760199b503ca3be60adbaf8ab92e36479e291e33db1b0a Any computer that has this package installed or running should be considered...
CVE-2025-6545 pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6545
CVE-2025-6545 (pbkdf2): An improper input validation issue in pbkdf2 can enable signature spoofing. Affects pbkdf2 versions 3.0.10–3.1.2, with the root cause in the library’s input handling (noted as lib/to-buffer.js). CVSS v4.0 base score 9.1 (critical). Public references describe vendor adviso...
CVE-2025-4754
Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...
Malicious code in secure-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 434160e799ebf29235543a4b635db19fbdbe2ed92d2a9fb5e683f7574c9906d4 Any computer that has this package installed or running should be considered...