207 matches found
Malicious code in dependencies-node-sass-arcturus-mini-css-extract-plugin (npm)
The package dependencies-node-sass-arcturus-mini-css-extract-plugin was found to contain malicious code...
Malicious code in node-sass-dependencies-solis-zenith (npm)
The package node-sass-dependencies-solis-zenith was found to contain malicious code...
Malicious code in node-sass-win32-x64 (npm)
The package node-sass-win32-x64 was found to contain malicious code...
Malicious code in paleoecology-neptune-node-sass-ultra (npm)
The package paleoecology-neptune-node-sass-ultra was found to contain malicious code...
Malicious code in spectron-webdriver-atlas-geochemistry-node-sass (npm)
The package spectron-webdriver-atlas-geochemistry-node-sass was found to contain malicious code...
Malicious code in xerxes-quito-despina-node-sass (npm)
The package xerxes-quito-despina-node-sass was found to contain malicious code...
Malicious code in hydra-rollup-kuiperbelt-node-sass (npm)
The package hydra-rollup-kuiperbelt-node-sass was found to contain malicious code...
Malicious code in node-sass-exoplanet-koa-browserify (npm)
The package node-sass-exoplanet-koa-browserify was found to contain malicious code...
MAL-2025-18287 Malicious code in dependencies-node-sass-arcturus-mini-css-extract-plugin (npm)
The package dependencies-node-sass-arcturus-mini-css-extract-plugin was found to contain malicious code...
MAL-2025-27652 Malicious code in node-sass-dependencies-solis-zenith (npm)
The package node-sass-dependencies-solis-zenith was found to contain malicious code...
MAL-2025-39758 Malicious code in xerxes-quito-despina-node-sass (npm)
The package xerxes-quito-despina-node-sass was found to contain malicious code...
MAL-2025-27653 Malicious code in node-sass-exoplanet-koa-browserify (npm)
The package node-sass-exoplanet-koa-browserify was found to contain malicious code...
Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vunerable to libsass and node-sass vulnerabilities
Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vunerable to the dependencies in the opensource library libsass-3.5.5 and opennms-opennms-source-25.1.1-1 . These are fixed. Vulnerability Details CVEID:CVE-2018-11696 DESCRIPTION: LibSaas is vulnerable to a denial of servic...
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
...
Certificate validation is disabled when requesting binaries
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. Products Confirmed Not Affected No Brocade Fibre Channel Products from Broadcom products are known to be affected by this vulnerability...
node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)
lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted: - node-sass-with-bindings =4.5.5, =4.5.6 Source cves: CVE-2022-25895 Source advisory: OSV:GHSA-PPPV-CH8P-RP2W...
node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)
lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted: - node-sass-with-bindings =4.5.5, =4.5.6 Source cves: CVE-2022-25895 Source advisory: SNYK:JS-LITEDEVSERVER-3153718...
CVE-2022-25758
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service ReDoS via the loadAnnotation function, due to the usage of insecure regex...
Malicious code in grunt-with-node-sass (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0946d8ce554c4342a4ca8846ecb6a66703712bbf720809ce3fdfade36925b648 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-24025 DESCRIPTION: node-sass...