1151 matches found
@0xvaibhav/--core (>=1.0.0 <=1.0.4), @0xvaibhav/divergent-node (>=0.0.1 <=0.0.3) +783 more potentially affected by CVE-2025-8020 via private-ip (>=1.0.5 <=3.0.2)
private-ip NPM version =1.0.5, =1.0.0, =0.0.1, =1.0.3, =0.0.1, =0.0.2, =9.3.0, =1.16.47, =1.16.47, =1.1.12, =1.16.33-beta-20241028-005826-60afb7c4, =1.16.47, =1.0.0, =1.16.47, =1.0.0, =1.0.35, =1.3.1 and more Source cves: CVE-2025-8020 Source advisory: SNYK:JS-PRIVATEIP-9510757...
123-x-ed-eied (>=1.0.5 <=1.0.6), 128981semzub (=1.0.1) +14463 more potentially affected by CVE-2025-27789 via @babel/runtime (>=7.0.0-beta.31 <=7.26.0)
@babel/runtime NPM version =7.0.0-beta.31, =1.0.5, =0.1.0, =1.5.0, =0.24.0, =1.0.72, =0.0.1, =4.2.1, =1.0.0, =8.0.0, =8.0.2 - @1024pix/ember-cli-stencil =1.1.0 and more Source cves: CVE-2025-27789 Source advisory: OSV:GHSA-968P-4WVH-CQC8...
CouchAuth injection vulnerability
CouchAuth is a Perfood open source authentication API. An injection vulnerability exists in CouchAuth 0.21.2 and earlier versions, which stems from the presence of host header injection in NPM packages, allowing an attacker to trigger an SSTI via a specially crafted request to disclose informatio...
01runmodel (>=1.0.3 <=1.0.4), 1405-authtokens (>=1.0.1 <=1.0.5) +9314 more potentially affected by CVE-2025-23061 via mongoose (>=1.0.0 <=6.13.5)
mongoose NPM version =1.0.0, =1.0.3, =1.0.1, =1.0.0, =1.0.0, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.0.5 and more Source cves: CVE-2025-23061 Source advisory: OSV:GHSA-VG7J-7CWX-8WGW...
03-08 (=1.0.0), 06-jobs-api-vydeekelz (=1.0.0) +4061 more potentially affected by CVE-2025-23061 via mongoose (>=8.0.0 <=8.9.4)
mongoose NPM version =8.0.0, =1.0.0, =1.6.3, =1.0.0, =1.1.2, =0.1.2, =0.1.142 and more Source cves: CVE-2025-23061 Source advisory: OSV:GHSA-VG7J-7CWX-8WGW...
@dxfrontier/cds-ts-dispatcher (=2.1.4), @dxfrontier/cds-ts-repository (=1.1.3) +24 more potentially affected by CVE-2024-45277 via @sap/hana-client (>=2.10.13 <=2.21.28)
@sap/hana-client NPM version =2.10.13, =0.1.2, =1.1.1, =0.1.0, =1.0.2, =6.2.0, =2.0.0, =1.0.0, =1.6.0, =1.3.2, =1.1.1, =7.4.0, =4.3.0, =4.9.5 and more Source cves: CVE-2024-45277 Source advisory: OSV:GHSA-6339-GV7W-G5F4...
@betit/orion (>=0.1.3 <=0.1.17), @nichoth/router (>=0.0.0 <=0.0.2) +124 more potentially affected by CVE-2024-45296 via path-to-regexp (>=0.0.2 <=0.1.0)
path-to-regexp NPM version =0.0.2, =0.1.3, =0.0.0, =0.0.0, =0.0.1, =0.0.9-beta.1, =0.0.2, =2.0.0, =0.2.0, =0.0.1, =0.0.1, =1.0.6, =0.1.1, =0.1.2 and more Source cves: CVE-2024-45296 Source advisory: OSV:GHSA-9WV6-86V2-598J...
007putra-my-bot (=1.1.1), 02strich-markdown (>=1.0.0 <=1.0.2) +8694 more potentially affected by CVE-2024-37890 via ws (>=8.0.0 <=8.17.0)
ws NPM version =8.0.0, =1.0.0, =0.0.31, =0.2.0, =1.0.53, =1.0.0, =0.2.3, =0.2.5 - 7t7t7t37t =1.0.0 - 84447xe5t8 =1.0.0 - 8wcy8cycwcu =1.0.0 - 8wyc8ywyc8c =1.0.0 - 9cwyw8bcyy8wc =1.0.0 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...
@128technology/ply (>=1.0.0-alpha.0 <=1.0.0-alpha.7), @128technology/yinz (=5.0.0-alpha.6) +87 more potentially affected by CVE-2024-34393 via libxmljs2 (>=0.21.7 <=0.33.0)
libxmljs2 NPM version =0.21.7, =1.0.0-alpha.0, =5.0.0, =2.4.0, =1.14.0, =1.0.0, =3.0.0, =6.0.0, =6.0.0, =11.0.0, =6.0.0, =6.0.0, =0.186.0, =1.205.5 and more Source cves: CVE-2024-34393 Source advisory: OSV:GHSA-MJR4-7XG5-PFVH...
02url-querystring-http (>=1.0.1 <=1.0.4), 0xgank-tea-advice-pull (=1.0.0) +32367 more potentially affected by CVE-2024-33883 via ejs (>=0.0.1 <=3.0.2)
ejs NPM version =0.0.1, =1.0.1, =1.0.4 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 - 0xgank-tea-child-evening =1.0.0 -...
1.1.1-version (=1.0.0), 25-6-2025-full (>=1.0.0 <=1.0.2) +5244 more potentially affected by CVE-2024-21509 via mysql2 (>=3.0.0-rc.1 <=3.9.3)
mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.1, =0.0.56 and more Source cves: CVE-2024-21509 Source advisory: SNYK:JS-MYSQL2-6591084...
0utmailauth (=1.0.0), 0xkobold (>=0.0.1 <=0.2.0) +14862 more potentially affected by CVE-2024-24750 via undici (>=6.0.1 <=6.5.0)
undici NPM version =6.0.1, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =1.0.1, =1.0.68, =4.11.0, =4.11.46 - 7up-dev =1.0.0 - 7up-developer =1.0.0 - 7up-kingdom =1.0.0 - 7up-nub =1.0.0 and more Source cves: CVE-2024-24750 Source advisory: OSV:GHSA-9F24-JQHM-JFCW...
-liuxin (=1.0.0), -test-bitbucket-branch-manager (=1.0.1) +45647 more potentially affected by CVE-2023-26159 via follow-redirects (>=0.0.3 <=1.15.3)
follow-redirects NPM version =0.0.3, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.1 - 031212-custom =1.0.0 and more Source cves: CVE-2023-26159 Source advisory: OSV:GHSA-JCHW-25XP-JWWC...
0xsodium (>=0.0.0 <=1.48.0), 3extensions (=1.0.1) +968 more potentially affected by CVE-2023-26144 via graphql (>=16.3.0 <=16.8.0)
graphql NPM version =16.3.0, =0.0.0, =0.0.1, =0.0.0, =0.0.0, =0.0.1, =1.16.13, =1.8.5, =1.1.12, =1.6.23, =1.16.6, =1.1.12, =1.8.5, =1.16.33, =1.0.0, =1.17.12-beta-20260420-075606-d7d7a9c7 and more Source cves: CVE-2023-26144 Source advisory: OSV:GHSA-9PV7-VFVM-6VR7...
@4qwerty7/mathjax-node-page (>=3.2.0 <=3.2.1), @4qwerty7/syzoj-renderer (>=1.0.7 <=1.2.1) +139 more potentially affected by CVE-2023-39663 via mathjax (>=2.6.1 <=2.7.9)
mathjax NPM version =2.6.1, =3.2.0, =1.0.7, =1.0.0, =1.0.0, =2.0.0, =1.0.36, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =0.4.0, =0.1.1, =0.0.1, =0.0.13 and more Source cves: CVE-2023-39663 Source advisory: OSV:GHSA-V638-Q856-GRG8...
@bitskyai/retailer-sdk (>=0.1.1 <=0.3.2), @codious/core (>=1.0.0 <=1.0.5) +71 more potentially affected by CVE-2021-32050 via mongodb (>=3.6.0 <=3.6.1)
mongodb NPM version =3.6.0, =0.1.1, =1.0.0, =2.0.0, =1.0.0, =0.15.1, =4.0.1-alpha-0bd7fa5.0, =4.3.0-fast-roles2, =0.0.1, =0.1.0, =0.0.32, =0.0.3, =1.0.0, =1.81.0 and more Source cves: CVE-2021-32050 Source advisory: OSV:GHSA-VXVM-QWW3-2FH7...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4121 more potentially affected by CVE-2023-37903 via vm2 (>=1.0.1 <=3.9.19)
vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.24.1-20230627140514 and more Source cves: CVE-2023-37903 Source advisory: OSV:GHSA-G644-9GFX-Q4Q4...
@00ssh/erdnest (>=0.2.19 <=0.2.23), @0cfg/rpc-common (>=0.0.1 <=0.1.3) +2623 more potentially affected by CVE-2023-36665 via protobufjs (>=6.10.0 <=6.11.3)
protobufjs NPM version =6.10.0, =0.2.19, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.8-alpha.0, =0.1.0, =0.0.2, =0.0.1, =0.0.5, =1.9.4, =1.9.15 and more Source cves: CVE-2023-36665 Source advisory: OSV:GHSA-H755-8QP9-CQ85...
Malicious code in assets-graph (npm)
Source: checkmarx e513e7556846ca62fa4d27646eef928d55f2c2954ce9caa51dd63643e2adf445 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
7ghost (>=4.11.0 <=4.11.46), 7ghost-cli (>=1.17.6-next.0 <=1.18.4) +283 more potentially affected by CVE-2023-26136 via tough-cookie (>=4.0.0 <=4.1.2)
tough-cookie NPM version =4.0.0, =4.11.0, =1.17.6-next.0, =2.0.0, =3.11.1, =1.1.3, =1.0.51, =1.0.1, =1.0.4, =1.2.95, =1.0.0, =1.0.1, =1.0.57, =1.0.3, =1.0.464 and more Source cves: CVE-2023-26136 Source advisory: SNYK:JS-TOUGHCOOKIE-5672873...