7 matches found
Malicious code in yoshi-base (npm)
The package 'yoshi-base' is part of the PhantomRaven supply chain attack campaign, Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...
MAL-2025-12697 Malicious code in @zalastax/nolb-node-sw (npm)
The package @zalastax/nolb-node-sw was found to contain malicious code...
Malicious code in freenger (npm)
The package freenger was found to contain malicious code...
Malicious code in electromn (npm)
The package electromn was found to contain malicious code...
BIT-NODE-2020-8174
napi_get_value_string_*() allows various kinds of memory corruption in node 10.21.0, 12.18.0, and 14.4.0...
A vulnerability in the node-opcua OPC UA software implementation, related to incorrect resource cleanup or release, allows an attacker to trigger a service failure.
The vulnerability in the node-opcua OPC UA software implementation is related to incorrect cleanup or release of resources. Exploiting this vulnerability can allow a remote attacker to cause service failures...
HTTP Request Smuggling
node is vulnerable to HTTP request smuggling. The vulnerability exists when there are two or more copies of a header field in an HTTP request and the first header field is identified and the rest are ignored...