40 matches found
CVE-2025-63706
NPM package next-npm-version 1.0.1 is vulnerable to Command injection...
next-npm-version is vulnerable to Command injection
NPM package next-npm-version 1.0.1 is vulnerable to Command injection...
GHSA-2XX6-QF7X-GRQH next-npm-version is vulnerable to Command injection
NPM package next-npm-version 1.0.1 is vulnerable to Command injection...
CVE-2025-63706
NPM package next-npm-version 1.0.1 is vulnerable to Command injection...
next-npm-version 1.0.1 security vulnerability
next-npm-version is a tool developed by Aric, an individual developer, for retrieving npm package versions. Version 1.0.1 of next-npm-version contains a security vulnerability, which stems from command injection...
PT-2026-38439
Name of the Vulnerable Software and Affected Versions: next-npm-version version 1.0.1. Description: NPM package next-npm-version is subject to command injection, a flaw that allows an attacker to execute arbitrary operating system commands on the server. Recommendations: At the moment, there is no...
Remote Code Execution (RCE)
Signal K Server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized npm version specifiers in the appstore install API, where attacker-controlled URLs or git sources can be passed to npm, allowing execution of malicious postinstall scripts when an administrator...
CVE-2025-68619 Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...
EUVD-2018-0238
Malware in sbrugna...
CVE-2025-59039
Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...
CVE-2023-46498
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file...
CVE-2023-46495
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter...
SUSE-SU-2023:1942-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...
nodejs:16 security, bug fix, and enhancement update
nodejs 16.13.1-3.0.1 - Libraries must not be group-writeable. Change node-gyp permission to 0755 Orabug: 28451433 1:16.13.1-3 - Resolves: RHBZ2027610 - Add corepack to spec 1:16.13.1-2 - Resolves: RHBZ2027610 - Update npm version test 1:16.13.1-1 - Resolves: RHBZ2027644, RHBZ2027643, RHBZ2027638,...
ALPINE-CVE-2021-39135
@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...
SUSE-SU-2021:2620-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. bsc1187976 - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service bsc1187977 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620...
OPENSUSE-SU-2021:2618-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. bsc1187976 - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. bsc1187977 - CVE-2020-7774: fixes y18n Prototype Pollution...
SUSE: Security Advisory (SUSE-SU-2019:2081-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Node.js third-party modules: [last-commit-log] Command Injection
I would like to report Command Injection in last-commit-log It allows execution of arbitrary commands Module module name: last-commit-log version: [email protected] npm page: https://www.npmjs.com/package/last-commit-log Module Description Node.js module to get the last git commit information...
Node.js third-party modules: [objtools] Prototype pollution
I would like to report a prototype pollution vulnerability in objtools module. It allows an attacker to inject properties on Object.prototype. Module module name: objtools version: 2.0.1 npm page: https://www.npmjs.com/package/objtools Module Description objtools provides several utility function...