123-x-ed-eied (>=1.0.5 <=1.0.6), 128981semzub (=1.0.1) +14459 more potentially affected by CVE-2025-27789 via @babel/runtime (>=7.0.0-beta.31 <=7.26.0)

@babel/runtime NPM version =7.0.0-beta.31, =1.0.5, =0.1.0, =1.5.0, =0.24.0, =1.0.72, =0.0.1, =4.2.1, =1.0.0, =8.0.0, =8.0.2 - @1024pix/ember-cli-stencil =1.1.0 and more Source cves: CVE-2025-27789 Source advisory: OSV:GHSA-968P-4WVH-CQC8...

CouchAuth 注入漏洞

CouchAuth is a Perfood open source authentication API. An injection vulnerability exists in CouchAuth 0.21.2 and earlier versions, which stems from the presence of host header injection in NPM packages, allowing an attacker to trigger an SSTI via a specially crafted request to disclose informatio...

03-08 (=1.0.0), 06-jobs-api-vydeekelz (=1.0.0) +4084 more potentially affected by CVE-2025-23061 via mongoose (>=8.0.0 <=8.9.4)

mongoose NPM version =8.0.0, =1.0.0, =1.6.3, =1.0.0, =1.1.2, =0.1.2, =0.1.142 and more Source cves: CVE-2025-23061 Source advisory: OSV:GHSA-VG7J-7CWX-8WGW...

01runmodel (>=1.0.3 <=1.0.4), 1405-authtokens (>=1.0.1 <=1.0.5) +9322 more potentially affected by CVE-2025-23061 via mongoose (>=1.0.0 <=6.13.5)

mongoose NPM version =1.0.0, =1.0.3, =1.0.1, =1.0.0, =1.0.0, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.0.5 and more Source cves: CVE-2025-23061 Source advisory: OSV:GHSA-VG7J-7CWX-8WGW...

@dxfrontier/cds-ts-dispatcher (=2.1.4), @dxfrontier/cds-ts-repository (=1.1.3) +24 more potentially affected by CVE-2024-45277 via @sap/hana-client (>=2.10.13 <=2.21.28)

@sap/hana-client NPM version =2.10.13, =0.1.2, =1.1.1, =0.1.0, =1.0.2, =6.2.0, =2.0.0, =1.0.0, =1.6.0, =1.3.2, =1.1.1, =7.4.0, =4.3.0, =4.9.5 and more Source cves: CVE-2024-45277 Source advisory: OSV:GHSA-6339-GV7W-G5F4...

@betit/orion (>=0.1.3 <=0.1.17), @nichoth/router (>=0.0.0 <=0.0.2) +124 more potentially affected by CVE-2024-45296 via path-to-regexp (>=0.0.2 <=0.1.0)

path-to-regexp NPM version =0.0.2, =0.1.3, =0.0.0, =0.0.0, =0.0.1, =0.0.9-beta.1, =0.0.2, =2.0.0, =0.2.0, =0.0.1, =0.0.1, =1.0.6, =0.1.1, =0.1.2 and more Source cves: CVE-2024-45296 Source advisory: OSV:GHSA-9WV6-86V2-598J...

007putra-my-bot (=1.1.1), 02strich-markdown (>=1.0.0 <=1.0.2) +8693 more potentially affected by CVE-2024-37890 via ws (>=8.0.0 <=8.17.0)

ws NPM version =8.0.0, =1.0.0, =0.0.31, =0.2.0, =1.0.53, =1.0.0, =0.2.3, =0.2.5 - 7t7t7t37t =1.0.0 - 84447xe5t8 =1.0.0 - 8wcy8cycwcu =1.0.0 - 8wyc8ywyc8c =1.0.0 - 9cwyw8bcyy8wc =1.0.0 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...

@128technology/ply (>=1.0.0-alpha.0 <=1.0.0-alpha.7), @128technology/yinz (=5.0.0-alpha.6) +87 more potentially affected by CVE-2024-34393 via libxmljs2 (>=0.21.7 <=0.33.0)

libxmljs2 NPM version =0.21.7, =1.0.0-alpha.0, =5.0.0, =2.4.0, =1.14.0, =1.0.0, =3.0.0, =6.0.0, =6.0.0, =11.0.0, =6.0.0, =6.0.0, =0.186.0, =1.205.5 and more Source cves: CVE-2024-34393 Source advisory: OSV:GHSA-MJR4-7XG5-PFVH...

02url-querystring-http (>=1.0.1 <=1.0.4), 0xgank-tea-advice-pull (=1.0.0) +32371 more potentially affected by CVE-2024-33883 via ejs (>=0.0.1 <=3.0.2)

ejs NPM version =0.0.1, =1.0.1, =1.0.4 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 - 0xgank-tea-child-evening =1.0.0 -...

0data (=1.0.0), 1.1.1-version (=1.0.0) +5422 more potentially affected by CVE-2024-21509 via mysql2 (>=3.0.0-rc.1 <=3.9.3)

mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.165 and more Source cves: CVE-2024-21509 Source advisory: SNYK:JS-MYSQL2-6591084...

0utmailauth (=1.0.0), 0xkobold (>=0.0.1 <=0.8.0) +15394 more potentially affected by CVE-2024-24750 via undici (>=6.0.1 <=6.5.0)

undici NPM version =6.0.1, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =1.0.1, =1.0.68, =4.11.0, =4.11.46 - 7up-dev =1.0.0 - 7up-developer =1.0.0 - 7up-kingdom =1.0.0 - 7up-nub =1.0.0 and more Source cves: CVE-2024-24750 Source advisory: OSV:GHSA-9F24-JQHM-JFCW...

-liuxin (=1.0.0), -test-bitbucket-branch-manager (=1.0.1) +26415 more potentially affected by CVE-2023-26159 via follow-redirects (>=0.0.3 <=1.15.3)

follow-redirects NPM version =0.0.3, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0 - 0a =1.0.0 - 0c =1.0.0 and more Source cves: CVE-2023-26159 Source advisory: OSV:GHSA-JCHW-25XP-JWWC...

0xsodium (>=0.0.0 <=1.48.0), 3extensions (=1.0.1) +967 more potentially affected by CVE-2023-26144 via graphql (>=16.3.0 <=16.8.0)

graphql NPM version =16.3.0, =0.0.0, =0.0.1, =0.0.0, =0.0.0, =0.0.1, =1.16.13, =1.8.5, =1.1.12, =1.6.23, =1.16.6, =1.1.12, =1.8.5, =1.16.33, =1.0.0, =1.17.12-beta-20260420-075606-d7d7a9c7 and more Source cves: CVE-2023-26144 Source advisory: OSV:GHSA-9PV7-VFVM-6VR7...

@4qwerty7/mathjax-node-page (>=3.2.0 <=3.2.1), @4qwerty7/syzoj-renderer (>=1.0.7 <=1.2.1) +139 more potentially affected by CVE-2023-39663 via mathjax (>=2.6.1 <=2.7.9)

mathjax NPM version =2.6.1, =3.2.0, =1.0.7, =1.0.0, =1.0.0, =2.0.0, =1.0.36, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =0.4.0, =0.1.1, =0.0.1, =0.0.13 and more Source cves: CVE-2023-39663 Source advisory: OSV:GHSA-V638-Q856-GRG8...

@bitskyai/retailer-sdk (>=0.1.1 <=0.3.2), @codious/core (>=1.0.0 <=1.0.5) +71 more potentially affected by CVE-2021-32050 via mongodb (>=3.6.0 <=3.6.1)

mongodb NPM version =3.6.0, =0.1.1, =1.0.0, =2.0.0, =1.0.0, =0.15.1, =4.0.1-alpha-0bd7fa5.0, =4.3.0-fast-roles2, =0.0.1, =0.1.0, =0.0.32, =0.0.3, =1.0.0, =1.81.0 and more Source cves: CVE-2021-32050 Source advisory: OSV:GHSA-VXVM-QWW3-2FH7...

2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4108 more potentially affected by CVE-2023-37903 via vm2 (>=1.0.1 <=3.9.19)

vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.24.1-20230627140514 and more Source cves: CVE-2023-37903 Source advisory: OSV:GHSA-G644-9GFX-Q4Q4...

@00ssh/erdnest (>=0.2.19 <=0.2.23), @0cfg/rpc-common (>=0.0.1 <=0.1.3) +2630 more potentially affected by CVE-2023-36665 via protobufjs (>=6.10.0 <=6.11.3)

protobufjs NPM version =6.10.0, =0.2.19, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.8-alpha.0, =0.1.0, =0.0.2, =0.0.1, =0.0.5, =1.9.4, =1.9.15 and more Source cves: CVE-2023-36665 Source advisory: OSV:GHSA-H755-8QP9-CQ85...

Malicious code in assets-graph (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx e513e7556846ca62fa4d27646eef928d55f2c2954ce9caa51dd63643e2adf445 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

7ghost (>=4.11.0 <=4.11.46), 7ghost-cli (>=1.17.6-next.0 <=1.18.4) +283 more potentially affected by CVE-2023-26136 via tough-cookie (>=4.0.0 <=4.1.2)

tough-cookie NPM version =4.0.0, =4.11.0, =1.17.6-next.0, =2.0.0, =3.11.1, =1.1.3, =1.0.51, =1.0.1, =1.0.4, =1.2.95, =1.0.0, =1.0.1, =1.0.57, =1.0.3, =1.0.469 and more Source cves: CVE-2023-26136 Source advisory: SNYK:JS-TOUGHCOOKIE-5672873...

Malicious code in ipsecurity (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a051635703d3a602e1b05da35aa26561b2f211a4625fe23054dd6d8f6b44757b Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...