9 matches found
EUVD-2020-0290
Malware in sbrugna...
@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +387 more potentially affected by CVE-2025-59343 via tar-fs (>=0.1.8 <=1.16.3)
tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR...
Malicious code in teste-depenconfu (npm)
Source: ossf-package-analysis (56a7fcb8d17544bc05d4a5222d7741781d9b33d6ad5d334d6c74b8851d20a257). The OpenSSF Package Analysis project identified 'teste-depenconfu' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +387 more potentially affected by CVE-2024-12905 via tar-fs (>=0.1.8 <=1.16.3)
tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2024-12905 Source advisory: OSV:GHSA-PQ67-2WWV-3X...
MAL-2024-9513 Malicious code in auto-instrumentations-node (npm)
Malicious code in voicemail-main-fsm (npm)
Source: ghsa-malware (90ed83674650961e5a0e991ff16430ef0df969b6e843db3202f67a8c78bc9aee). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@adobe/probot-serverless-openwhisk (>=4.0.24 <=4.0.54), @csnext/cs-layer-server (>=0.0.101-beta.22 <=0.0.132-beta.207) +244 more potentially affected by CVE-2021-32822 via hbs (>=1.0.1 <=4.1.2)
hbs NPM version =1.0.1, =4.0.24, =0.0.101-beta.22, =0.7.0, =0.7.0, =0.7.0, =0.19.0, =2.0.1, =0.1.5, =0.9.0, =0.0.1-alpha.0, =0.1.2, =0.1.2, =0.1.0, =0.2.1, =4.3.0 and more Source cves: CVE-2021-32822 Source advisory: OSV:GHSA-7F5C-RPF4-86P8...
CVE-2020-7597
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596...
@aaa-backend-stack/graphql (>=1.16.1 <=2.4.4), @aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9) +264 more potentially affected by CVE-2019-10748 via sequelize (>=1.0.2 <=3.34.0)
sequelize NPM version =1.0.2, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.12.0, =1.0.22, =2.0.10, =1.0.97, =1.6.489, =1.6.735 and more Source cves: CVE-2019-10748 Source advisory: OSV:GHSA-J9XP-92VC-559J...