276 matches found
EUVD-2012-2710
Malware in sbrugna...
EUVD-2009-4484
Malware in sbrugna...
EUVD-2018-0209
Malware in sbrugna...
EUVD-2018-0435
Malware in sbrugna...
EUVD-2018-0230
Malware in sbrugna...
EUVD-2022-5777
Malicious code in bioql PyPI...
EUVD-2022-4766
Malicious code in bioql PyPI...
MAL-2025-22623 Malicious code in hookie.js (npm)
The package hookie.js was found to contain malicious code...
CVE-2020-8298
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...
MAL-2025-2258 Malicious code in gh-node-module-generatebom (npm)
Source: ghsa-malware a04173cc21773450d4bd86768588db1893acb72fbc0336681a1370f3c7e8e781. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gh-node-module-generatebom (npm)
Source: ghsa-malware a04173cc21773450d4bd86768588db1893acb72fbc0336681a1370f3c7e8e781. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2018-3750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can contro...
Linux Distros Unpatched Vulnerability : CVE-2018-3728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults'...
serve-static affected by template injection that can lead to XSS
...
Malicious code in @diotoborg/maxime-quisquam (npm)
Source: ghsa-malware dd53a3740c87b6fd29c2c1302c126b37b50674e5241192a456dab98564e11783. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
USN-6758-1 node-json5 vulnerability
It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named `__proto__`. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network...
ecdh.js security vulnerability
ecdh.js is a native Node.js module for ECDH and ECDSA open sourced by Development IL. A security vulnerability exists in versions of ecdh.js prior to 0.2.0, which can be exploited by an attacker to send an invalid point not on the curve as a public key and get a derived shared key...
node-puppet-facter security vulnerability
node-puppet-facter is an open source Node.js module for Facter by OlinData. A security vulnerability exists in puppet-facter that stems from the getFact function not properly cleaning up data...
ALPINE-CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling...
Code injection
Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a...