Malicious code in env-node-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b1b6f1e45cba2962a0ff258e15bc55427bc91725fb41409442324f1a19cf520 The package env-node-cli was found to contain malicious code...

MAL-2026-2364 Malicious code in env-node-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b1b6f1e45cba2962a0ff258e15bc55427bc91725fb41409442324f1a19cf520 The package env-node-cli was found to contain malicious code...

MAL-2026-1802 Malicious code in node-cli-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b7df6bef20ed41b1a5c7e3ca57da4665f799cfcc6d6cf27b6dc87f8fa0560bc The package node-cli-dotenv was found to contain malicious code...

Malicious code in dotenv-node-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5f6b181cb56922381245597b93fd06147dd83845cd9467098172f6eab07a7c0 The package dotenv-node-cli was found to contain malicious code...

MAL-2026-1713 Malicious code in dotenv-node-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5f6b181cb56922381245597b93fd06147dd83845cd9467098172f6eab07a7c0 The package dotenv-node-cli was found to contain malicious code...

EUVD-2019-0240

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-10538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file...

CVE-2025-51387

The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...

CVE-2024-25249

An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +21418 more potentially affected by CVE-2022-25881 via http-cache-semantics (>=3.7.3 <=4.1.0)

http-cache-semantics NPM version =3.7.3, =1.0.0, =2.5.0, =0.0.1, =0.0.4 - 1095h-cli =1.0.1 - 10secondsofcode-custom =1.0.0 and more Source cves: CVE-2022-25881 Source advisory: OSV:GHSA-RC47-6667-2J5J...

Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6cpc-mj5c-m9rq. This link is maintained to preserve external references. Original Description An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable temporary file names in lockfile and logfile, whi...

GHSA-3MRP-QHCJ-MWV5 Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6cpc-mj5c-m9rq. This link is maintained to preserve external references. Original Description An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable temporary file names in lockfile and logfile, whi...

CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

UBUNTU-CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

Design/Logic Flaw

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...

CVE-2016-10538

CVE-2016-10538 affects node-cli prior to 1.0.0, where the process insecurely uses temporary files (lock_file and log_file). This design flaw enables the starting user to overwrite arbitrary files they have access to, due to predictable temporary file names. The core issue is the ability to create...

CVE-2016-10538

The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...