Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of organization scopes in the zitadel process. An attacker can gain unauthorized access to resources or perform actions outside their permitted organization by exploiting this lack of sco...

@3w5h/knowledge_query (=1.0.30), @3w5h/utils (>=1.0.0 <=1.0.7) +576 more potentially affected by CVE-2026-23965 via sm-crypto (>=0.0.9 <=0.3.8)

sm-crypto NPM version =0.0.9, =1.0.0, =0.1.0, =4.4.42, =0.0.2, =2.2.6, =2.2.6, =2.2.6, =2.3.10, =2.1.4, =2.2.6, =2.2.6, =2.2.6, =2.1.15, =2.3.9 and more Source cves: CVE-2026-23965 Source advisory: OSV:GHSA-HPWG-XG7M-3P6M...

EUVD-2025-176329

Malicious code in small-bundle-function-minify-query npm...

Use of Single-factor Authentication

Overview Affected versions of this package are vulnerable to Use of Single-factor Authentication due to improper session validation in the authentication process. An attacker can gain unauthorized access to accounts protected by multi-factor authentication by submitting only a single authenticati...

MAL-2025-34364 Malicious code in table-query (npm)

The package table-query was found to contain malicious code...

MAL-2025-5946 Malicious code in parser-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f76c3bdd99ca88025a5db8d68b9d2af5c7cada21d80042f568ea821e9c22b8ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...