77 matches found
MAL-2025-41243 Malicious code in zze2 (npm)
The package zze2 was found to contain malicious code...
02url-querystring-http (>=1.0.1 <=1.0.4), 1-0-5-hai-aage-dekhte-hein-kya-aat-hai (>=1.0.5 <=1.0.6) +11583 more potentially affected by CVE-2025-47935 via multer (>=0.0.5 <=2.0.0-alpha.6)
multer NPM version =0.0.5, =1.0.1, =1.0.5, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.3 - 6e-alpha-backend-admin =1.0.0 - 7-segunda-preentrega =1.0.0 and more Source cves: CVE-2025-47935 Source advisory: OSV:GHSA-44FP-W29J-9VJ5...
2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +217 more potentially affected by CVE-2025-32030 via @apollo/gateway (>=0.10.4 <=2.10.0)
@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2025-32030 Source advisory: OSV:GHSA-Q2F9-X4P4-7XMH...
2002-app-demo (>=1.0.0 <=1.2.1), 3.21lianxi (=1.0.0) +1771 more potentially affected by CVE-2024-30260 via undici (>=0.3.3 <=5.28.3)
undici NPM version =0.3.3, =1.0.0, =0.5.0, =1.0.0, =0.1.23, =0.0.24, =0.0.0, =0.7.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2024-30260 Source advisory: OSV:GHSA-M4V8-WQVR-P9F7...
@gov.au/pancake (>=0.0.6 <=0.0.10), agile-alarm (>=0.0.1 <=0.0.2) +32 more potentially affected by CVE-2023-40582 via find-exec (>=0.0.3 <=1.0.2)
find-exec NPM version =0.0.3, =0.0.6, =0.0.1, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =0.1.0, =0.1.0, =1.4.0, =1.4.9 and more Source cves: CVE-2023-40582 Source advisory: OSV:GHSA-95RP-6GQP-6622...
@bitacode/apispecmd-ts (=0.0.2), @cjser/gulp-markdown-pdf (=9.0.0-cjser.2) +34 more potentially affected by CVE-2023-0835 via markdown-pdf (>=0.1.1 <=11.0.0)
markdown-pdf NPM version =0.1.1, =1.0.0, =1.0.0, =1.0.6, =1.2.151, =1.0.1, =1.17.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2023-0835 Source advisory: OSV:GHSA-QGHR-877H-F9JH...
Malicious code in tsconfig-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 08dd3fd9f05003ef6ca4f61ed5a23a69fd09a1c7cd9973f6d2caaa673066c803 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@3wks/gae-node-nestjs (>=0.1.0 <=6.0.0-rc.0), @aeroline_1025/hapi-corpsso (>=2.1.3 <=2.3.0) +73 more potentially affected by CVE-2022-39299 via passport-saml (>=0.12.0 <=3.2.0)
passport-saml NPM version =0.12.0, =0.1.0, =2.1.3, =1.0.0, =4.0.0, =0.0.0-nightly-2020972106, =3.4.2, =0.1.0, =1.0.0, =1.0.0, =2.4.0, =7.1.1, =6.2.2, =1.1.109, =1.3.78 and more Source cves: CVE-2022-39299 Source advisory: OSV:GHSA-M974-647V-WHV7...
@gitldy1013/vuepress-theme-ldy (>=1.1.2 <=1.1.3), @next-theme/plugins (>=0.0.2 <=8.1.0) +20 more potentially affected by CVE-2022-38545 via valine (>=1.3.10 <=1.4.4)
valine NPM version =1.3.10, =1.1.2, =0.0.2, =1.0.0, =2.0.0-beta.0, =1.0.11, =0.0.1, =1.0.0, =1.0.0, =1.0.8-alpha.5, =1.1.2, =1.2.1, =1.6.4 - vuepress-theme-moon =2.0.0-beta.68 and more Source cves: CVE-2022-38545 Source advisory: OSV:GHSA-MCVG-G9WX-V5VX...
1batch (=1.0.0), 30-lines-telegram-bot (>=1.0.0 <=1.0.1) +4707 more potentially affected by CVE-2022-25896 via passport (>=0.1.10 <=0.5.3)
passport NPM version =0.1.10, =1.0.0, =1.1.0, =4.11.0, =0.1.0, =0.0.1, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.1.18 and more Source cves: CVE-2022-25896 Source advisory: OSV:GHSA-V923-W3X8-WH69...
@tutor/jailed-sandbox (>=0.2.0 <=0.2.1), @tutor/markdown2html (>=0.1.2 <=0.2.3) +4 more potentially affected by CVE-2022-23923 via jailed (>=0.2.0 <=0.3.1)
jailed NPM version =0.2.0, =0.2.0, =0.1.2, =1.0.0, =0.0.1, =0.1.13, =2.0.0, =3.1.9 Source cves: CVE-2022-23923 Source advisory: OSV:GHSA-77M7-9WVW-87FX...
1508-cli (>=1.0.4 <=1.0.6), 2context (>=0.1.0 <=0.2.0) +12269 more potentially affected by CVE-2022-24066 via simple-git (>=0.10.0 <=3.4.0)
simple-git NPM version =0.10.0, =1.0.4, =0.1.0, =0.1.0, =1.0.0, =0.16.0, =0.0.80, =1.0.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.25.0, =1.33.0 and more Source cves: CVE-2022-24066 Source advisory: OSV:GHSA-28XR-MWXG-3QC8...
time-please (=1.1.9) potentially affected by CVE-2021-33041 via vmd (=1.34.0)
vmd NPM version =1.34.0 is affected by a known vulnerability. The following packages have a transitive dependency on vmd and may be impacted: - time-please =1.1.9 Source cves: CVE-2021-33041 Source advisory: OSV:GHSA-PFR3-87Q3-65RC...
@cycle-robot-drivers/run (>=0.0.0 <=1.0.27), @wannaby/wanna-model-viewer (>=0.0.1 <=0.0.10) +17 more potentially affected by CVE-2020-7755 via dat.gui (>=0.6.5 <=0.7.7)
dat.gui NPM version =0.6.5, =0.0.0, =0.0.1, =1.0.0, =3.0.0, =0.0.0, =0.0.0, =1.0.0, =0.6.0, =0.1.0, =0.3.2, =2.0.0, =0.0.7, =0.0.0, =0.0.7 and more Source cves: CVE-2020-7755 Source advisory: SNYK:JS-DATGUI-1016275...
0latency (=0.0.0), 192.168.0.172 (=4.6.1) +3626 more potentially affected by CVE-2016-10541 via shell-quote (>=0.0.1 <=1.6.0)
shell-quote NPM version =0.0.1, =1.0.0, =0.0.2, =1.0.0, =1.4.0, =0.0.0, =1.1.0, =0.1.3, =0.1.33, =0.0.3, =0.2.9 and more Source cves: CVE-2016-10541 Source advisory: OSV:GHSA-QG8P-V9Q4-GH34...
@byinti/inticli (>=0.1.0 <=2.1.1), @firecubez/req (=1.2.0) +65 more potentially affected by CVE-2018-3722 via merge-deep (>=0.1.5 <=3.0.0)
merge-deep NPM version =0.1.5, =0.1.0, =0.0.0, =0.1.0-beta.2, =0.22.0, =1.0.0, =0.0.1, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.1.1, =1.0.0, =1.0.2 and more Source cves: CVE-2018-3722 Source advisory: OSV:GHSA-9G9W-HMVJ-5H57...
00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +17595 more potentially affected by CVE-2014-7191 via qs (>=0.1.0 <=0.6.6)
qs NPM version =0.1.0, =0.6.6 is affected by a known vulnerability. The following packages have a transitive dependency on qs and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3...