16 matches found
@cenk1cenk2/renovate-config (>=2.3.132 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +7 more potentially affected by unknown CVE via renovate (>=36.109.4 <=40.21.2)
renovate NPM version =36.109.4, =2.3.132, =0.1.0, =0.14.0, =0.5.0, =0.1.0, =0.1.0, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-FR4J-65PV-GJJJ...
@langri-sha/projen-license (>=0.1.0 <=0.3.3), @langri-sha/projen-project (>=0.9.0 <=0.16.1) potentially affected by unknown CVE via license-o-matic (=1.2.0)
license-o-matic NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on license-o-matic and may be impacted: - @langri-sha/projen-license =0.1.0, =0.9.0, =0.16.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191123...
@langri-sha/projen-license (>=0.1.0 <=0.3.3), @langri-sha/projen-project (>=0.9.0 <=0.16.1) potentially affected by unknown CVE via license-o-matic (=1.2.0)
license-o-matic NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on license-o-matic and may be impacted: - @langri-sha/projen-license =0.1.0, =0.9.0, =0.16.1 Source cves: unknown CVE Source advisory: SNYK:JS-LICENSEOMATIC-14103652...
Malicious code in @zalastax/nolb-projen (npm)
The package @zalastax/nolb-projen was found to contain malicious code...
MAL-2025-13344 Malicious code in @zalastax/nolb-projen (npm)
The package @zalastax/nolb-projen was found to contain malicious code...
CVE-2021-21423
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
CVE-2021-21423
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
CVE-2021-21423
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
PYSEC-2021-111
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
Design/Logic Flaw
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
PYSEC-2021-111
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
Rebuild-bot workflow may allow unauthorised repository modifications
Impact: projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project...
GHSA-GG2G-M5WC-VCCQ Rebuild-bot workflow may allow unauthorised repository modifications
Impact: projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project...
CVE-2021-21423 Exposure of Version-Control Repository to an Unauthorized Control Sphere in projen
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
CVE-2021-21423
CVE-2021-21423 concerns the projen build tool. The issue centers on the rebuild-bot GitHub workflow (triggered by issue_comment with @projen rebuild) which runs with the repository’s GITHUB_TOKEN and could allow untrusted code to affect the main branch, potentially exposing secrets or altering co...
Github projen security vulnerability
Github projen is a Github open source application. It synthesizes project configuration files. A security vulnerability exists in projen that allows any GitHub user to trigger the execution of untrusted code in the context of the "main" repository...