6954 matches found
EUVD-2024-32452
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
Malicious code in remark-parse10 (npm)
Source: amazon-inspector d8cd5885ca66abe264124578aa99aaeb2907923a26681d5b64e8d6b72cb72696 The package remark-parse10 was found to contain malicious code. Source: ghsa-malware b0d37276c9efb7e85e07384bd19c0625e6672c70443710e145c260516f0ba2f4...
MAL-2025-192246 Malicious code in remark-parse10 (npm)
Source: amazon-inspector d8cd5885ca66abe264124578aa99aaeb2907923a26681d5b64e8d6b72cb72696 The package remark-parse10 was found to contain malicious code. Source: ghsa-malware b0d37276c9efb7e85e07384bd19c0625e6672c70443710e145c260516f0ba2f4...
PT-2025-48972
Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified). Description: A flaw exists in Undertow that may lead to remote denial of service attacks. Specifically, when the server utilizes the FormEncodedDataDefinition.doParseStreamSourceChannel method to process...
Prototype Pollution
sveltekit-superforms is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-supplied data in the parseFormData function of formData.js, which allows an attacker to inject properties into Object.prototype, enabling denial of service, type confusion, and potenti...
Remote Code Execution (RCE)
Parse is vulnerable to remote code execution (RCE). The vulnerability is due to improper handling of malicious payloads in several methods including ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, and internal encode/decode functions, which allows an attacker to inject data tha...
VulnCheck KEV: CVE-2025-53364
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
Malicious Package
Overview: session-parse is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. On...
OSV-2025-959 Heap-buffer-overflow in re_parse_term
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=464349132 Crash type: Heap-buffer-overflow READ 2 Crash state: re_parse_term re_parse_disjunction re_parse_term...
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
Malicious code in @mparpaillon/connector-parse (npm)
Source: amazon-inspector ffec89e4bd3b2d309b636261098474ed4816b5b9bd40872855c24c082de3666c The package @mparpaillon/connector-parse was found to contain malicious code...
EUVD-2025-198955
Malicious code in @mparpaillon/connector-parse npm...
MAL-2025-190870 Malicious code in @mparpaillon/connector-parse (npm)
Source: amazon-inspector ffec89e4bd3b2d309b636261098474ed4816b5b9bd40872855c24c082de3666c The package @mparpaillon/connector-parse was found to contain malicious code...
@collegedunia/newman-mocha (>=0.0.1 <=0.1.1), @dineshparne/postman-cli (>=1.0.0 <=1.0.5) +24 more potentially affected by unknown CVE via @postman/csv-parse (=4.0.2)
@postman/csv-parse NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @postman/csv-parse and may be impacted: - @collegedunia/newman-mocha =0.0.1, =1.0.0, =1.0.0, =0.0.2, =1.1.1-beta.1, =1.0.34, =4.5.5, =1.0.0, =1.0.0, =1.0.2, =1.0.0,...
EUVD-2025-198633
Malicious code in @postman/csv-parse npm...
Malicious code in @postman/csv-parse (npm)
Source: amazon-inspector 6072df393f967e34b9e50f3c9843f4716a7e65e30aff5648c7f003cb37c38e01 The package @postman/csv-parse was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190646 Malicious code in @postman/csv-parse (npm)
Source: amazon-inspector 6072df393f967e34b9e50f3c9843f4716a7e65e30aff5648c7f003cb37c38e01 The package @postman/csv-parse was found to contain malicious code. Source: ghsa-malware...
Malicious code in parse-session (npm)
Source: amazon-inspector 8e6800038c1b56247a0767faecf501d0c74de134197bb0edbae2d27b8a958547 The package parse-session was found to contain malicious code. Source: ghsa-malware 5b04d6ff25ce91de5057fed89547b08687055f2ca7a217a2886eecb79c06f9e9...
Malicious Package
Overview: parse-session is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-198611
Malicious code in parse-session npm...