CVE-2025-23167 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2025-23165 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-GCF6-VGCR-474F vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2025-23166 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-HCHW-QWX7-4W4C vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2025-23165 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2025-23167 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-RRJV-57MM-J6CM vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-HCHW-QWX7-4W4C vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-GCF6-VGCR-474F vulnerabilities

Vulnerabilities for packages: nodejs...

Linux Distros Unpatched Vulnerability : CVE-2014-7192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other...

CVE-2025-59046 interactive-git-checkout has Command Injection vulnerability

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

PT-2025-36966

Name of the Vulnerable Software and Affected Versions: DuckDB versions 1.3.3 @duckdb/node-api version 1.3.3 @duckdb/node-bindings version 1.3.3 @duckdb/duckdb-wasm version 1.29.2 Description: DuckDB packages distributed for Node.js on npm were compromised with malware intended to interfere with...

CVE-2025-54994 @akoskm/create-mcp-server-stdio has Command Injection in MCP Server due to unsafe `exec` API

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

Malicious code in release-it-prettier-nodejs-fornax (npm)

The package release-it-prettier-nodejs-fornax was found to contain malicious code...

MAL-2025-45794 Malicious code in release-it-prettier-nodejs-fornax (npm)

The package release-it-prettier-nodejs-fornax was found to contain malicious code...

MAL-2025-46436 Malicious code in uglify-js-forever-equinox-nodejs (npm)

The package uglify-js-forever-equinox-nodejs was found to contain malicious code...

MAL-2025-42965 Malicious code in @trp-ta-nitro/secrets-nodejs (npm)

The package @trp-ta-nitro/secrets-nodejs was found to contain malicious code...

Malicious code in izar-magellan-readable-nodejs (npm)

The package izar-magellan-readable-nodejs was found to contain malicious code...

Malicious code in boson-nodejs-jupiter-robotics (npm)

The package boson-nodejs-jupiter-robotics was found to contain malicious code...