
124 matches found

OSSF Malicious Packages
added 2025/08/29 6:55 p.m. | 1 views

Malicious code in node-fetch-v3 (npm)

The package node-fetch-v3 was found to contain malicious code...

AI score: 7 | Exploits: 0
Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-2596

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. CVE-2022-2596 Note that Nessus relies on the presence of t...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.00225 | Exploits: 1 | References: 2
vulnersOsv
added 2025/08/14 6:52 p.m. | 4 views

luis-reddit-cli (=1.0.0), md-links-larissadepaula (>=0.2.0 <=0.2.1) +1 more potentially affected by unknown CVE via node-fecth (=0.0.1-security)

node-fecth NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on node-fecth and may be impacted: - luis-reddit-cli =1.0.0 - md-links-larissadepaula =0.2.0, =0.0.37, =0.0.40 Source cves: unknown CVE Source advisory: OSV:MAL-2025-27...

AI score: 5.8 | Exploits: 0
OSSF Malicious Packages
added 2025/04/03 5:36 a.m. | 3 views

Malicious code in whatwg-node-fetch-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1f59eebf54f348e9ae3e94af39368c59899516438f8b029e4db2d91f075ac95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9 | Exploits: 0 | References: 1
OSV
added 2025/04/03 5:36 a.m. | 2 views

MAL-2025-3126 Malicious code in whatwg-node-fetch-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1f59eebf54f348e9ae3e94af39368c59899516438f8b029e4db2d91f075ac95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7 | Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/03/26 2:36 a.m. | 45 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1 Vulnerability Details CVEID:CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.04056 | Exploits: 9 | Affected Software: 1
OSSF Malicious Packages
added 2024/12/18 8:0 p.m. | 2 views

Malicious code in bitmex-node-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5cc7c20df046cd10e263fa37bcda6196d91e23537ce001e8ed4b9598700ad8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8 | Exploits: 0 | References: 1
OSV
added 2024/12/18 8:0 p.m. | 4 views

MAL-2024-11916 Malicious code in bitmex-node-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5cc7c20df046cd10e263fa37bcda6196d91e23537ce001e8ed4b9598700ad8b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7 | Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/10/21 3:51 p.m. | 24 views

Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...

CVSS: 9.8 | AI score: 10 | EPSS: 0.8434 | Exploits: 6 | Affected Software: 2
OSSF Malicious Packages
added 2024/08/01 9:42 a.m. | 2 views

Malicious code in ndoe-fethc (npm)

The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. --- -= Per source details. Do not edit below this line.=-...

AI score: 7.2 | Exploits: 0
Tenable Nessus
added 2024/07/12 12:0 a.m. | 26 views

RHEL 8 : grafana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-underscore: Arbitrary code execution via the template function CVE-2021-23358 - node-fetch is...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.01452 | Exploits: 5 | References: 6
Tenable Nessus
added 2024/06/03 12:0 a.m. | 71 views

RHEL 8 : grafana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grafana: session control failure may lead to information disclosure CVE-2022-32275 - protobufjs: prototyp...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.67383 | Exploits: 6 | References: 16
Tenable Nessus
added 2024/05/11 12:0 a.m. | 25 views

RHEL 7 : node-fetch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0235 Note that Nessus has not teste...

AI score: 7.9 | EPSS: 0.0029 | Exploits: 1 | References: 1
Tenable Nessus
added 2024/05/11 12:0 a.m. | 24 views

RHEL 8 : node-fetch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0235 Note that Nessus has not teste...

AI score: 6.9 | EPSS: 0.0029 | Exploits: 1 | References: 1
OSSF Malicious Packages
added 2024/02/02 3:52 a.m. | 2 views

Malicious code in node-fetch-full (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa23bafe4cbc222c49a4c23ca3b173859fdba0359b927939a941b4768c6e0963 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9 | Exploits: 0 | References: 1
OSV
added 2024/02/02 3:52 a.m. | 6 views

MAL-2024-959 Malicious code in node-fetch-full (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa23bafe4cbc222c49a4c23ca3b173859fdba0359b927939a941b4768c6e0963 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7 | Exploits: 0 | References: 1
IBM Security Bulletins
added 2023/09/05 12:46 p.m. | 44 views

Security Bulletin: Multiple Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center (CVE-2020-15168, CVE-2022-0235)

Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.0029 | Exploits: 1 | Affected Software: 1
GitHub Security Blog
added 2023/08/30 9:24 p.m. | 12 views

Prevent logging invalid header values

Impact What kind of vulnerability is it? Apollo Server can log sensitive information Studio API keys if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Who is impacted? Users who all of the below: use either t...

AI score: 6.7 | Exploits: 0 | References: 4 | Affected Software: 2
GitLab Advisory Database
added 2023/08/30 12:0 a.m. | 19 views

Prevent logging invalid header values

Impact What kind of vulnerability is it? Apollo Server can log sensitive information Studio API keys if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Who is impacted? Users who all of the below: use either t...

AI score: 6.7 | Exploits: 0 | References: 4 | Affected Software: 1
IBM Security Bulletins
added 2023/06/20 4:41 a.m. | 45 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.88334 | Exploits: 26 | Affected Software: 1