13 matches found
CVE-2025-68294
Summary: CVE-2025-68294 concerns the Linux kernel’s io_uring/vectored buffer handling. The issue arises in the vectored buffer import path where the import used the wrong io_kiocb context ('req') instead of the notification context (sr->notif), risking lifetime misalignment between the vector...
EUVD-2022-6382
Malicious code in bioql PyPI...
node-import `params` argument can be controlled by users without any sanitization
This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file index.js...
GHSA-PC62-CQ5X-3J5G node-import `params` argument can be controlled by users without any sanitization
This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file index.js...
@csn_chile/fuelgauge (=1.0.1), @csn_chile/ol_ws (=1.0.0) +8 more potentially affected by CVE-2020-7678 via node-import (>=0.1.9 <=0.9.2)
node-import NPM version =0.1.9, =1.0.0, =1.0.0, =0.0.2, =0.1.2, =1.1.2, =1.1.1, =1.4.2 Source cves: CVE-2020-7678 Source advisory: OSV:GHSA-PC62-CQ5X-3J5G...
CVE-2020-7678
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file "index.js"...
Design/Logic Flaw
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file "index.js"...
CVE-2020-7678 Arbitrary Code Execution
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file "index.js"...
CVE-2020-7678
node-import is vulnerable to Arbitrary Code Execution: the params argument can be provided by users without sanitization and is passed to eval in index.js (line 79), affecting all versions. A PoC exists demonstrating code execution, and no fixed version is available. Practical remediation is to r...
PT-2022-9061 · Unknown · Node-Import
Name of the Vulnerable Software and Affected Versions: node-import versions all. Description: The issue affects the params argument of a module function, which can be controlled by users without proper sanitization. This unsanitized input is then passed to the eval function, located in line 79 of...
node-import security vulnerability
node-import is a package from Nanang Mahdaen El Agung, an individual developer in Indonesia, used to import dependencies and run them directly or link them and export to a file. A security vulnerability exists in node-import, which stems from the vulnerability of this package to arbitrary code execution, where the...
Code Injection in mahdaen/node-import
Overview: node-import is a package that imports dependencies and runs them directly, or concatenates them and exports to a file. This package is vulnerable to Arbitrary Code Execution. The params argument of the module function can be controlled by users without any sanitization. This is then provided to...
Arbitrary Code Execution
Overview: node-import is a package that imports dependencies and runs them directly, or concatenates them and exports to a file. Affected versions of this package are vulnerable to Arbitrary Code Execution. The "params" argument of module function can be controlled by users without any sanitization. Th...