org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-29786 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-29786 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15416076...

Prettier eslint-config-prettier Embedded Malicious Code Vulnerability

Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

Malicious code in napi-postinstall (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

Malicious code in eslint-config-prettier (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

Malicious code in eslint-plugin-prettier (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

Malicious code in synckit (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

GHSA-F29H-PXVX-F335 eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

VulnCheck KEV: CVE-2025-54313

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

CVE-2024-21538 vulnerabilities

Vulnerabilities for packages: lerna, vitess, kibana, opensearch-dashboards, ts-patch, sqlpad, argo-workflows, pgadmin4, graalvm, opensearch-dashboards-fips, renovate, node-gyp, tileserver-gl, eslint, tileserver-gl-fips, airflow...

Malicious code in module-with-node-gyp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad0399f36bb5f87a753f7cfc481eebea229a86f704ea5e7fe4b1c82bb19bf0a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in en-node-gyp-build (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2300 Malicious code in en-node-gyp-build (npm)

--- -= Per source details. Do not edit below this line.=-...

GHSA-78XJ-CGH5-2H22 vulnerabilities

Vulnerabilities for packages: lerna, sqlpad, renovate, npm, node-gyp...

CVE-2023-42282 vulnerabilities

Vulnerabilities for packages: sqlpad, npm, renovate, node-gyp, lerna...

CVE-2023-42282 vulnerabilities

Vulnerabilities for packages: lerna, sqlpad, renovate, npm, node-gyp...

nodejs:16 security, bug fix, and enhancement update

nodejs 16.13.1-3.0.1 - Libraries must not be group-writeable. Change node-gyp permission to 0755 Orabug: 28451433 1:16.13.1-3 - Resolves: RHBZ2027610 - Add corepack to spec 1:16.13.1-2 - Resolves: RHBZ2027610 - Update npm version test 1:16.13.1-1 - Resolves: RHBZ2027644, RHBZ2027643, RHBZ2027638,...

nodejs:10 security update

nodejs 1:10.19.0-2 - Resolves: RHBZ1811498 1:10.19.0-1 - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 1:10.16.3-1 - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 1:10.14.1-1 - Resolves: RHBZ1644207 - fixes node-gyp permissions - rebase 1:10.11.0-2 - BuildRequire...

nodejs:10 security update

nodejs 1:10.19.0-1 - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 1:10.16.3-1 - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 1:10.14.1-1 - Resolves: RHBZ1644207 - fixes node-gyp permissions - rebase 1:10.11.0-2 - BuildRequire nodejs-packaging for proper npm dependency...