55 matches found
@agent-relay/daemon (>=2.0.5 <=2.3.14), @agent-relay/dashboard (>=2.0.18 <=2.0.19) +364 more potentially affected by unknown CVE via posthog-node (>=4.0.0 <=4.18.0)
posthog-node NPM version =4.0.0, =2.0.5, =2.0.18, =2.0.5, =2.0.5, =0.59.0, =1.0.0, =0.3.0, =1.0.0, =0.17.1, =1.1.1, =0.1.6, =1.0.0, =0.7.107, =0.1.0, =2.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-POSTHOGNODE-14103346...
EUVD-2015-3012
Malware in sbrugna...
EUVD-2011-3930
Malware in sbrugna...
EUVD-2018-0228
Malware in sbrugna...
EUVD-2020-0029
Malware in sbrugna...
EUVD-2022-5589
Malicious code in bioql PyPI...
EUVD-2022-38147
Malicious code in bioql PyPI...
EUVD-2022-0215
Malicious code in bioql PyPI...
CVE-2025-57353
The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...
@htmlgoddess/cli (>=0.3.5 <=0.4.4), @htmlgoddess/webpack-plugin (>=0.1.0 <=0.4.4) +23 more potentially affected by unknown CVE via babel-node (=0.0.1-security)
babel-node NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on babel-node and may be impacted: - @htmlgoddess/cli =0.3.5, =0.1.0, =1.0.1, =1.0.0, =0.0.1, =0.2.0, =0.0.1, =0.0.7, =0.2.9, =1.0.1, =1.1.1 and more Source cves: unkno...
CVE-2025-54568
Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: The use of...
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
CVE-2025-32395
CVE-2025-32395 affects Vite (frontend tooling for JavaScript). The vulnerability arises when a dev server is exposed to the network on Node/Bun (not Deno) and a request-target containing a # is processed, bypassing server.fs.deny due to req.url handling. Affected versions prior to 6.2.6, 6.1.5, 6...
CVE-2022-31006
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
BIT-NODE-MIN-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling...
CVE-2024-52913
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled...
Node.js Security Vulnerabilities
Node.js is an open source, cross-platform JavaScript runtime environment. Node.js suffers from a security vulnerability that stems from a lack of protection against block-extended bytes. An attacker exploits the vulnerability to send specially crafted HTTP requests using chunked encoding, resulti...
PT-2024-40047 · Ckb · Ckb
Name of the Vulnerable Software and Affected Versions: CKB affected versions not specified Description: An issue allows an adversary to create a message with a compressed size less than the package limit, but with a very large decompressed length, such as 1G. This can cause a node to consume a...
nodejs: mainModule.proto bypass experimental policy mechanism
A vulnerability has been discovered in Node.js, where the use of __proto__ in process.mainModule.__proto__.require can bypass the policy mechanism and require modules outside of the policy.json definition...