CVE-2025-59141

simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...

CVE-2022-39342

OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset the right hand side of a ‘from’ statement that involves anything other than a direct relationship...

CVE-2022-39341

OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...

CVE-2024-41951

The CVE-2024-41951 issue affects Pheonix App (PheonixAppAPI) where the map of encoding/decoding languages is visible in the source, described as a moderate impact vulnerability. Root cause: encoding/decoding language mappings exposed in code. Affected versions were prior to 0.2.4, with a patch re...