98 matches found
CVE-2026-44232
The CVE-2026-44232 entry concerns the Node.js library dssrf . The vulnerability, described across the CVE and related records, is that prior to version 1.3.0 every IPv6 category bypasses the is_url_safe check, enabling potential SSRF bypasses. The issue affects the dssrf functionality that guards...
CVE-2026-40931
Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but...
DEBIAN-CVE-2026-40895
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect 301/302/307/308, follow-redirects only strips authorization, proxy-authorization, and cookie header...
CVE-2026-40895
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect 301/302/307/308, follow-redirects only strips authorization, proxy-authorization, and cookie header...
EUVD-2026-5368
Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can caus...
CVE-2026-24884 Compressing Vulnerable to Arbitrary File Write via Symlink Extraction
Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can caus...
UBUNTU-CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
MAL-2025-12262 Malicious code in @zalastax/nolb-lione (npm)
The package @zalastax/nolb-lione was found to contain malicious code...
MAL-2025-27118 Malicious code in navisane (npm)
The package navisane was found to contain malicious code...
MAL-2025-16744 Malicious code in cgeqtowidauyhsjp (npm)
The package cgeqtowidauyhsjp was found to contain malicious code...
MAL-2025-13214 Malicious code in @zalastax/nolb-poh (npm)
The package @zalastax/nolb-poh was found to contain malicious code...
MAL-2025-19159 Malicious code in echo-tangerine-raspberry-srhxp (npm)
The package echo-tangerine-raspberry-srhxp was found to contain malicious code...
MAL-2025-19181 Malicious code in ecilop (npm)
The package ecilop was found to contain malicious code...
MAL-2025-25715 Malicious code in lynx-blackhole-typeorm-umbriel (npm)
The package lynx-blackhole-typeorm-umbriel was found to contain malicious code...
MAL-2025-12694 Malicious code in @zalastax/nolb-node-st (npm)
The package @zalastax/nolb-node-st was found to contain malicious code...
MAL-2025-25910 Malicious code in map-project (npm)
The package map-project was found to contain malicious code...
MAL-2025-19029 Malicious code in dynalogin (npm)
The package dynalogin was found to contain malicious code...
MAL-2025-12598 Malicious code in @zalastax/nolb-node-ca (npm)
The package @zalastax/nolb-node-ca was found to contain malicious code...
MAL-2025-21738 Malicious code in gophia (npm)
The package gophia was found to contain malicious code...
MAL-2025-14277 Malicious code in alchemy-s89r2-1zvdy-lucid-project (npm)
The package alchemy-s89r2-1zvdy-lucid-project was found to contain malicious code...