org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-29786 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-29786 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15416076...

Malicious code in node-pre-gyp-test-app2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b3456b640ac819fb66bf7f58e41f74e65b868629f609e863ca1bbe300070e7a8 The OpenSSF Package Analysis project identified 'node-pre-gyp-test-app2' @ 0.1.0-release1.release2 npm as malicious. It is considered malicious...

GHSA-7CGC-FJV4-52X6 Malware in pre-build binaries of bignum

Impact bignum releases from v0.12.2 to v0.13.0 inclusive used node-pre-gyp to optionally download pre-built binary versions of the addon. These binaries were published on a now-expired S3 bucket which has since been claimed by a malicious third party which is now serving binaries containing malwa...

Malware in pre-build binaries of bignum

Impact bignum releases from v0.12.2 to v0.13.0 inclusive used node-pre-gyp to optionally download pre-built binary versions of the addon. These binaries were published on a now-expired S3 bucket which has since been claimed by a malicious third party which is now serving binaries containing malwa...