16 matches found

IBM Security Bulletins
added 3 days ago · 6 views

Security Bulletin: There is a vulnerability in postcss-8.4.38.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41305)

Summary There is a vulnerability in postcss-8.4.38.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an...

CVSS 6.1 · AI score 5.8 · EPSS 0.00011
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 3 days ago · 6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses postcss-8.4.49.tgz which is vulnerable to CVE-2026-41305

Summary IBM Maximo Application Suite - Visual Inspection component uses postcss-8.4.49.tgz which is vulnerable to CVE-2026-41305. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file an...

CVSS 6.1 · AI score 5.8 · EPSS 0.00011
Exploits 0 · Affected Software 1

Positive Technologies
added 2026/05/24 12:0 a.m. · 8 views

PT-2026-42916

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.3 · AI score 5.5 · EPSS 0.00036
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-1108

Malware in sbrugna...

CVSS 5.3 · AI score 6.4 · EPSS 0.01009
Exploits 1 · References 22

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-0459

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.8 · EPSS 0.00074
Exploits 1 · References 8

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-2456

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00166
Exploits 0 · References 6

IBM Security Bulletins
added 2024/04/02 6:43 a.m. · 24 views

Security Bulletin: Vulnerability in PostCSS affects IBM Business Automation Workflow - CVE-2023-44270

Summary IBM Business Automation Workflow depends on a vulnerable version of PostCSS. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially crafted external Cascadi...

CVSS 5.3 · AI score 5.5 · EPSS 0.00166
Exploits 0 · Affected Software 2

IBM Security Bulletins
added 2024/01/24 10:2 a.m. · 32 views

Security Bulletin: IBM Event Processing is vulnerable to Improper Input Validation due to the PostCSS (CVE-2023-44270).

Summary Operator of IBM Event Processing is vulnerable to Improper Input Validation due to the postcss-8.4.21.tgz before 8.4.31. PostCSS is a tool for transforming CSS with JavaScript plugins and this is a dev dependency used by Event Processing Team. CVE-2023-44270. Vulnerability Details...

CVSS 5.3 · AI score 5.5 · EPSS 0.00166
Exploits 0 · Affected Software 1

Veracode
added 2023/10/10 5:41 a.m. · 49 views

Improper Input Validation

postcss is vulnerable to Improper Input Validation. The vulnerability is due to the RE_BAD_BRACKET in tokenize.js which does not account for carriage returns \r. This means that any CSS containing a carriage return character \r would not be matched by this regular expression, potentially allowing...

CVSS 5.3 · AI score 7.2 · EPSS 0.00166
Exploits 0 · References 5 · Affected Software 2

Positive Technologies
added 2023/09/29 12:0 a.m. · 3 views

PT-2023-7567 · Postcss +1 · Postcss +1

Name of the Vulnerable Software and Affected Versions: PostCSS versions prior to 8.4.31 Description: The issue affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing b...

CVSS 10 · AI score 7.7 · EPSS 0.04986
Exploits 10 · References 57

vulnersOsv
added 2022/01/07 12:21 a.m. · 0 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 02-infrastructure (=1.0.0) +37552 more potentially affected by CVE-2021-23382 via postcss (>=0.1.0 <=7.0.35)

postcss NPM version =0.1.0, =1.0.1, =1.0.0, =1.0.4, =1.0.0, =5.0.0, =1.0.3, =1.0.7 and more Source cves: CVE-2021-23382 Source advisory: OSV:GHSA-566M-QJ78-RWW5...

CVSS 7.5 · AI score 6.7 · EPSS 0.00074
Exploits 1

vulnersOsv
added 2021/05/10 3:29 p.m. · 0 views

@100mslive/hms-video-react (>=0.3.27 <=0.3.59), @aagames-fe/google-translate (>=0.0.2 <=0.0.14) +371 more potentially affected by CVE-2021-23368 via postcss (>=8.0.0 <=8.2.1)

postcss NPM version =8.0.0, =0.3.27, =0.0.2, =1.1.0, =0.1101.0-next.0, =0.30.7-danger.689b7beb.20, =0.33.2-danger.94e2a1914.37, =0.25.0, =0.2.19, =2.0.174, =2.0.174, =2.0.174, =2.6.25 and more Source cves: CVE-2021-23368 Source advisory: OSV:GHSA-HWJ9-H5MP-3PM3...

CVSS 5.3 · AI score 6.7 · EPSS 0.01009
Exploits 1

vulnersOsv
added 2021/05/10 3:29 p.m. · 1 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9336 more potentially affected by CVE-2021-23368 via postcss (>=7.0.0 <=7.0.35)

postcss NPM version =7.0.0, =1.0.1, =1.0.1, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =3.4.2 and more Source cves: CVE-2021-23368 Source advisory: OSV:GHSA-HWJ9-H5MP-3PM3...

CVSS 5.3 · AI score 6.7 · EPSS 0.01009
Exploits 1

OSV
added 2021/05/10 3:29 p.m. · 0 views

GHSA-HWJ9-H5MP-3PM3 Regular Expression Denial of Service in postcss

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...

CVSS 5.3 · AI score 7.1 · EPSS 0.01009
Exploits 1 · References 12

CNNVD
added 2021/04/12 12:0 a.m. · 1 views

Andrey Sitnik postcss security vulnerability

Andrey Sitnik postcss is an open source tool by Andrey Sitnik for transforming styles with JS plugins. Andrey Sitnik postcss 7.0.0 and versions before 8.2.10 have a security vulnerability that can be exploited by attackers to cause a denial of service...

CVSS 5.3 · AI score 8.1 · EPSS 0.01009
Exploits 1 · References 20

vulnersOsv
added 2021/04/05 10:32 a.m. · 0 views

@100mslive/hms-video-react (>=0.3.27 <=0.3.59), @aagames-fe/google-translate (>=0.0.2 <=0.0.14) +371 more potentially affected by CVE-2021-23368 via postcss (>=8.0.0 <=8.2.1)

postcss NPM version =8.0.0, =0.3.27, =0.0.2, =1.1.0, =0.1101.0-next.0, =0.30.7-danger.689b7beb.20, =0.33.2-danger.94e2a1914.37, =0.25.0, =0.2.19, =2.0.174, =2.0.174, =2.0.174, =2.6.25 and more Source cves: CVE-2021-23368 Source advisory: SNYK:JS-POSTCSS-1090595...

CVSS 5.3 · AI score 6.7 · EPSS 0.01009
Exploits 1