14 matches found
MAL-2025-188338 Malicious code in nodemon-vega-umbriel-polaris (npm)
Source: amazon-inspector 3b9d4a5c58194456c1863fd6896596e284d87a27db073c2d3776cf9a02526de3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-115192
Malicious code in command-nodemon-foundation-ganymede (npm)...
EUVD-2025-120133
Malicious code in yaml-nodemon-spectron-pino (npm)...
MAL-2025-48263 Malicious code in nodemon-pkg (npm)
Source: ghsa-malware 4dc5fe7289f6c5b97c4b2497e93d57d3636f6da1242e0f9d36bd0211a326f344 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nodemon-pkg (npm)
Source: ghsa-malware 4dc5fe7289f6c5b97c4b2497e93d57d3636f6da1242e0f9d36bd0211a326f344 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in magnetosphere-cluster-fermion-nodemon (npm)
The package magnetosphere-cluster-fermion-nodemon was found to contain malicious code...
MAL-2025-27077 Malicious code in nanotechnology-nodejs-library-nodemon (npm)
The package nanotechnology-nodejs-library-nodemon was found to contain malicious code...
Fedora: Security Advisory (FEDORA-2025-9a278a7768)
The remote host is missing an update for the...
AZL-49091 CVE-2024-43796 affecting package nodejs-nodemon 2.0.3-4
Express.js minimalist web framework for node. In express versions before 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...
AZL-49088 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-4
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...
AZL-49152 CVE-2024-43796 affecting package nodejs-nodemon 2.0.3-5
Express.js minimalist web framework for node. In express versions before 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...
AZL-45168 CVE-2022-25883 affecting package nodejs-nodemon 2.0.3-5
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
Malicious code in nodmeon (npm)
Source: ghsa-malware 02b6f9ef09fb90c7d01ad94978e2b070855298c19a217d23602a4f05adcf8640 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AZL-44496 CVE-2017-16118 affecting package nodejs-nodemon 2.0.3-5
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This blocks the event loop, causing a denial of service condition...