MAL-2025-5058 Malicious code in secure-lib (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 434160e799ebf29235543a4b635db19fbdbe2ed92d2a9fb5e683f7574c9906d4 Any computer that has this package installed or running should be considered...
@dm3-org/delivery-service (>=1.4.0 <=1.7.1), @dm3-org/dm3-backend (>=1.0.1 <=1.7.1) +18 more potentially affected by unknown CVE via @dm3-org/dm3-lib-crypto (=1.7.2)
@dm3-org/dm3-lib-crypto NPM version =1.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on @dm3-org/dm3-lib-crypto and may be impacted: - @dm3-org/delivery-service =1.4.0, =1.0.1, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =0.0.1-alpha1, =1.0.5, =1.4.0,...
MAL-2025-5018 Malicious code in @dm3-org/dm3-lib-crypto (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in bzl_components-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e9d92ea6bf2f83b7f1ef5fda995c4ca9b06ee0c6e4666b1ac581d884dbae28f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
deno_cli (>=0.18.0-preview4 <=0.23.0), deno_cli_snapshots (>=0.0.3 <=0.19.0) +2 more potentially affected by CVE-2025-48934 via deno (>=0.15.0 <=0.6.0)
deno CARGO version =0.15.0, =0.18.0-preview4, =0.0.3, =0.0.1, =0.23.0 Source cves: CVE-2025-48934 Source advisory: OSV:GHSA-7W8P-CHXQ-2789...
MAL-2025-4645 Malicious code in lib-wallet-pay-btc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1867a5dee260868eb8f3e51c3df89b8f1e5752dd2c8529cbdc4ac73ab18d7394 Any computer that has this package installed or running should be considered...
Malicious code in cx-hub-interaction-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17ef553f1f7cb91bd70d99d55deeb1c83c604b68581cbbfaac1f9bddfbdbe6e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4626 Malicious code in cx-hub-interaction-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17ef553f1f7cb91bd70d99d55deeb1c83c604b68581cbbfaac1f9bddfbdbe6e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internal-lib-razor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0887160400effb60b7905dc584aa2b213c2c74f7696f2c61b798e64d94ef1fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4585 Malicious code in internal-lib-razor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0887160400effb60b7905dc584aa2b213c2c74f7696f2c61b798e64d94ef1fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the cloneAction of the segment management. An attacker can bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones by exploiting the missing...
CVE-2024-46326
Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function...
CVE-2024-37795
A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the set-logic command with specific formatting errors...
CVE-2024-38987
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2024-25117
php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR URL, which might lead to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might lead to bypass...
CVE-2023-5900
Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-37644
SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in pngreadchunk in lib/png.c...
CVE-2023-5896
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4...
CVE-2023-5903
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-5889
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16...