13 matches found
MiracleLinux 7 : rh-nodejs10-nodejs-10.19.0-1.el7 (AXSA:2020-4479:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4479:01 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 nodejs: Remotely trigger an assertion on a TLS server with a...
MAL-2025-5324 Malicious code in jira-dashboard-items (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 79ab5b6ba91047c189dc1c045205cf83046fa39fd12a9292f3ed8b4ea48582b6 Any computer that has this package installed or running should be considered...
MAL-2025-4726 Malicious code in connectnodewebclient (npm)
Source: ghsa-malware 72fc085bcccf174a0e94231d33f82e278941f6a8b7d9fa72f1f83ae85902b993 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PoCGen: Generating Proof-Of-Concept Exploits for Vulnerabilities in Npm Packages
Security vulnerabilities in software packages are a significant concern for developers and users alike. Patching these vulnerabilities in a timely manner is crucial to restoring the integrity and security of software systems. However, previous work has shown that vulnerability reports often lack...
MAL-2025-4189 Malicious code in porrtal-workspace (npm)
MAL-2025-3937 Malicious code in node-scoped-http-client (npm)
Source: ossf-package-analysis 881ef5215aabb6e0d9dbaf7bbbdc6f804c031cb613c83b6fdb86f0efbc99d520 The OpenSSF Package Analysis project identified 'node-scoped-http-client' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2025-1860 Malicious code in instacart-database (npm)
MAL-2025-1782 Malicious code in dropbox-auth (npm)
MAL-2024-11757 Malicious code in dexter123 (npm)
Source: ghsa-malware 92153d5ec8ca742a1abda5dd5a05def8deace56614101ebb7f38980a9583769a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@3volutions/welle7.lib (=1.0.1), @acathur/koa-decorator-ts (>=2.7.0 <=2.7.4) +1161 more potentially affected by CVE-2020-7637 via class-transformer (>=0.1.10 <=0.2.3)
class-transformer NPM version =0.1.10, =2.7.0, =1.0.0, =0.1.0, =0.0.4, =0.0.1, =1.0.1, =0.0.1, =1.3.0-next.2, =1.2.0, =1.0.1, =0.0.1, =0.0.1, =0.0.9, =0.0.18 and more Source cves: CVE-2020-7637 Source advisory: SNYK:JS-CLASSTRANSFORMER-564431...
Important: Red Hat Security Advisory: nodejs:10 security update
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2020:0579 Important: nodejs:10 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...
Security Bulletin: Multiple vulnerabilities in NPM affects IBM API Connect (CVE-2016-3956, CVE-2016-2537, CVE-2016-2515)
Summary IBM API Connect is affected by two ReDoS vulnerabilities in modules included in the Node.js npm tool CVE-2016-2537, CVE-2016-2515 and Node.js Package Manager npm Bearer Token Vulnerability CVE-2016-3956. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2016-2515...