MAL-2025-34756 Malicious code in terser-terraforming-cryonics-radiometric (npm)

The package terser-terraforming-cryonics-radiometric was found to contain malicious code...

CVE-2022-25858

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure usage of regular expressions...

CVE-2022-25858

CVE-2022-25858 affects terser: versions 4.8.1 and later (and 5.x from 5.0.0 up to before 5.14.2) are vulnerable to ReDoS due to insecure regex usage during minification. Impact can be a Denial of Service via crafted inputs. Mitigation: upgrade terser to 4.8.1+ or to 5.14.2+ (i.e., the fixed relea...