CVE-2020-15123 Command injection in codecov (npm package)
In the codecov npm package before version 3.7.1, the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE CVE-2020-7597 for GHSA-5q88-cjfq-g2mh was...
Vulnerability in the extractDir function of Adm-zip, a Node.js library for working with zip files, which allows an attacker to execute arbitrary code.
The vulnerability in the extractDir function of Adm-zip, a Node.js library for working with zip files, is caused by incorrect restriction of the directory path name. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially...
CVE-2018-3754
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to SQL injection due to a lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from the database...