Malicious code in nodejs-grus-gacrux-auriga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 992d9509225ff4662c83cd02c736feeaf3c3c0e546718d9dc8aa3474d3e661c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-75204

Malicious code in worriedcod-gooddev npm...

EUVD-2025-62316

Malicious code in regionalfireflyz3n npm...

Microsoft Playwright Node.js Package < 1.55.1 Spoofing (CVE-2025-59288)

The version of the Microsoft Playwright Node.js Package installed on the remote host is prior to 1.55.1. It is, therefore, affected by a spoofing vulnerability: - Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent networ...

Malicious code in ugentec-framework-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a91b6a72d36e1f86952649dd1acf051dd8bc358d059c4ebe50b229b77170ece Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

s3-uploader 操作系统命令注入漏洞

s3-uploader is flexible and efficient for image resizing, renaming and uploading to Amazon S3 disk storage. A security vulnerability in Turistforeningen node-s3-uploader 2.0.3 and earlier stems from a Node.js package insecurely passing data to the metadata function, which ultimately connects to a...

libnmapp package command injection vulnerability

The libnmapp package is a package for accessing nmap from Node.js. A command injection vulnerability exists in versions of libnmapp package prior to 0.4.16. An attacker can exploit this vulnerability to inject arbitrary operating system commands via the range field...