385 matches found
EUVD-2025-177557
Malicious code in nodejs-csrf-sagitta-materialize npm...
MAL-2025-188325 Malicious code in nodejs-csrf-sagitta-materialize (npm)
Source: amazon-inspector (55b4a0d0f7ff3dd984df6f9575fd59892f7044b99a492bdad2834ae0362abd51). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-116561
Malicious code in aquarius-nodejs-electron-registry npm...
EUVD-2025-124352
Malicious code in nodejs-javascript-winston-aether npm...
EUVD-2025-112671
Malicious code in hydra-eslint-config-nodejs-triton npm...
EUVD-2025-122909
Malicious code in radiant-development-eslint-plugin-nodejs npm...
Malicious code in nodejs-frontend-sync-command (npm)
Source: amazon-inspector (46ae7bd01528ae4eb0e9b0708506f1ef7e24e2a6f8bcb754efa14557a29756e1). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-124520
Malicious code in nestjs-nodejs-electron-builder-auth npm...
EUVD-2025-105252
Malicious code in finalshrimpz3n npm...
EUVD-2025-77860
Malicious code in ytterbiccondorz3n npm...
EUVD-2025-69189
Malicious code in lutfi-telurtahu88-ruro npm...
CLSA-2025-1762361695 nodejs: Fix of CVE-2023-39333
CVE-2023-39333: fix maliciously crafted export names injection of JavaScript code...
Astra Linux - vulnerability in python-urllib3
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...
Security Bulletin: Multiple vulnerabilities in IBM Spectrum Symphony with Node.js
Summary: Multiple vulnerabilities in IBM Spectrum Symphony with Node.js. Vulnerability Details: CVEID: CVE-2024-27982. DESCRIPTION: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling...
Malicious Package Injection
DuckDB is vulnerable to malicious package injection. The vulnerability is due to unauthorized access and compromise of the npm package publishing process, which allowed an attacker to upload malicious versions of DuckDB’s Node.js packages containing code that interfered with cryptocurrency...
Stealit Malware Using Node.js to Hide in Fake Game and VPN Installers
Fortinet warns of Stealit, a MaaS infostealer, now targeting Windows systems and evading detection by using Node.js’s SEA feature while hiding in fake game and VPN installers...
CVE-2025-61668
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
...
Security Bulletin: Vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff might affect IBM Storage Defender Copy Data Management
Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff. The vulnerabilities include exposure to a padding oracle attack and allowing remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistic...
Malicious code in nodejs-example-google-cloud-trace (npm)