ROOT-APP-NPM-CVE-2022-31129 CVE-2022-31129 in @rootio/moment - Patched by Root

Root has patched CVE-2022-31129 in the @rootio/moment package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2022-24785 CVE-2022-24785 in @rootio/moment - Patched by Root

Root has patched CVE-2022-24785 in the @rootio/moment package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2016-4055 CVE-2016-4055 in @rootio/moment - Patched by Root

Root has patched CVE-2016-4055 in the @rootio/moment package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2017-18214 CVE-2017-18214 in @rootio/moment - Patched by Root

Root has patched CVE-2017-18214 in the @rootio/moment package for Root:npm. Multiple fixed versions available...

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

karma-runner (=6.4.5), moment-om (=2.30.3) potentially affected by unknown CVE via get-package-lint (=0.1.0)

get-package-lint NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on get-package-lint and may be impacted: - karma-runner =6.4.5 - moment-om =2.30.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4572...

Astra Linux - уязвимость в node-moment

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Versions of moment that were affected use an inefficient parsing algorithm. Specifically, the string-to-date parsing method used by moment more precisely, the rfc2822 parsing method, which is used by...

CVE-2026-1516

creationtimestamp| type| source ---|---|--- 2026-04-09 00:35:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizks6xl5325 2026-04-09 12:45:30+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mj2tm4jzoj2z 2026-04-09 20:00:00+00:00| seen|...

CVE-2026-5649

creationtimestamp| type| source ---|---|--- 2026-04-06 14:48:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mitj3dwvaa2o...

CVE-2026-23887

creationtimestamp| type| source ---|---|--- 2026-01-22 02:03:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcy3tkxxgj26...

K000157365: Moment vulnerability CVE-2022-31129

Security Advisory Description moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, whi...

Malicious Package

Overview cordova-plugin-globalization.moment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

MAL-2025-49253 Malicious code in cordova-plugin-globalization.moment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 431a9d9edd37d8a5dc80555f3c56e275f5c79162ed66ae419cc7b2450c6ad75c The package cordova-plugin-globalization.moment was found to contain malicious code. Source: ghsa-malware...

Linux Distros Unpatched Vulnerability : CVE-2022-31129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient...

EUVD-2017-0191

Malware in sbrugna...

EUVD-2022-6433

Malicious code in bioql PyPI...

moment-timezone

This repository is an add-on for Moment.js, a JavaScript library for working with dates and times. It provides support for timezones, allowing users to easily work with dates and times in different timezones. The repository contains a variety of files, including a Gruntfile.js, which is used to...

CVE-2025-57754

eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could...

CVE-2025-57754 eslint-ban-moment exposed a sensitive Supabase URI in .env (Credential leak)

eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could...

CVE-2025-57754

CVE-2025-57754 affects eslint-ban-moment (plugin for ESLint) with versions 3.0.0 and earlier. The root cause is exposure of a sensitive Supabase URI in the .env file, which, if valid and contains embedded credentials, can grant an attacker complete unauthorized access and control over the databas...