16 matches found
EUVD-2021-0621
Malware in sbrugna...
MAL-2025-36081 Malicious code in test-mlw2-raise-madge (npm)
The package test-mlw2-raise-madge was found to contain malicious code...
Malicious code in test-mlw2-raise-madge (npm)
The package test-mlw2-raise-madge was found to contain malicious code...
Improper Neutralization of Special Elements used in a Command
Overview: In madge before version 4.0.1 it is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function. Recommendation: Upgrade to version 4.0.1 or later. References - GitH...
@acala-network/bodhi (>=0.1.1 <=0.2.2-24), @acala-network/e2e (>=0.1.10 <=0.1.16) +108 more potentially affected by CVE-2021-23352 via madge (>=0.1.4 <=3.9.2)
madge NPM version =0.1.4, =0.1.1, =0.1.10, =0.6.2, =1.0.1, =0.0.12, =0.32.16, =1.0.0, =0.7.12-alpha-4eeb568.1, =0.7.12-alpha-4eeb568.1, =0.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2021-23352 Source advisory: OSV:GHSA-753C-PHHG-CJ29...
Madge vulnerable to command injection
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function. PoC js const madge = require'madge'; madge'..', graphVizPat...
GHSA-753C-PHHG-CJ29 Madge vulnerable to command injection
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function. PoC js const madge = require'madge'; madge'..', graphVizPat...
OS Command Injection
madge is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the graphVizPath option parameter...
CVE-2021-23352
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function...
CVE-2021-23352
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function...
Path traversal
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function...
CVE-2021-23352 Command Injection
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function...
CVE-2021-23352
The CVE-2021-23352 issue affects madge prior to 4.0.1. It allows a crafted graphVizPath value passed to graphVizPath, which is used by the image(), svg(), or dot() calls and executed via child_process.exec. This can enable command execution if an attacker can influence the Graphviz path, as demons...
CVE-2021-23352
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function...
madge SQL injection vulnerability
madge is an open source developer tool for generating visual graphs of module dependencies, finding circular dependencies, and providing you with other useful information. A SQL injection vulnerability exists in madge before 4.0.1, which stems from the graphVizPath option parameter specifying a...
Command Injection
Overview: Madge is a developer tool for generating a visual graph of your module dependencies, finding circular dependencies, and giving you other useful info. Affected versions of this package are vulnerable to Command Injection. It is possible to specify a custom Graphviz path via the...