17 matches found
MiracleLinux 8 : nodejs:16 (AXSA:2022-3781:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3781:01 advisory. npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 Tenable has extracted the preceding description block directly from the...
EUVD-2021-30530
Malicious code in bioql PyPI...
MAL-2025-47684 Malicious code in kotlin-wasm-package-lock-project-test (npm)
Malicious code in kotlin-wasm-package-lock-project-test (npm)
MAL-2025-47683 Malicious code in kotlin-wasm-package-lock-project (npm)
Malicious code in kotlin-wasm-package-lock-project (npm)
CVE-2023-34098
Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments (themes/package-lock.json). With this information, the specific Shopware version in a deployment might be...
GHSA-J4G3-3Q8X-JXQP dbt-core's secret env vars written to package-lock.json in plaintext
Impact: When used to pull source code from a private repository using a Personal Access Token (PAT), some versions of dbt-core write a URL with the PAT in plaintext to the package-lock.yml file. Patches: The bug has been fixed in dbt-core v1.7.3. Mitigations: Remove any git URLs with plaintext secrets...
PT-2023-33033 · Dbt-Core · Dbt-Core
Name of the Vulnerable Software and Affected Versions: dbt-core versions prior to 1.7.3 Description: The issue arises when dbt-core is used to pull source code from a private repository using a Personal Access Token (PAT). In this scenario, some versions of dbt-core write a URL with the PAT in...
CVE-2023-34098 Dependency configuration exposed in Shopware
Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments (themes/package-lock.json). With this information, the specific Shopware version in a deployment might be...
PT-2023-24670 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.7.18 Description: The issue arises from an incorrect configuration in the .htaccess file, allowing the configuration file of Javascript dependencies to be read in production environments, specifically the...
Shopware information disclosure vulnerability
Shopware is a set of open source e-commerce software from the German company Shopware. An information disclosure vulnerability exists in Shopware versions prior to 5.7.18. It stems from an incorrect configuration in the .htaccess file, which allows the Javascript configuration file to be read...
DEBIAN-CVE-2021-43616
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...
UBUNTU-CVE-2021-43616
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...
PT-2021-23891 · Npm +5 · Npm +5
Name of the Vulnerable Software and Affected Versions: npm versions 7.x through 8.1.3 Description: The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json, which is inconsistent with the documentation. This behavior makes it...
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
Impact: Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution. @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...
CVE-2000-1197
POP2 or POP3 server pop3d in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access for other users) by creating lock files for other mail boxes...