ROOT-APP-NPM-CVE-2025-9288 CVE-2025-9288 in @rootio/sha.js - Patched by Root

Root has patched CVE-2025-9288 in the @rootio/sha.js package for Root:npm. Multiple fixed versions available...

Astra Linux - уязвимость в node-sha.js

There is a vulnerability in input validation in sha.js that allows for manipulation of input data. This issue affects sha.js version 2.4.11...

Injection sha.js Dependency in Jira Service Management Data Center and Server

This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Service Management Data Center and Server. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows...

Injection sha.js Dependency in Jira Software Data Center and Server

This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Software Data Center and Server. This Injection vulnerability, with a CVSS Score of 9.1 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows an...

Security Bulletin: Vulnerability in sha.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in sha.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

Improper Input Validation

sha.js is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to influence how data is processed...

Security Bulletin: Astronomer with IBM is vulnerable to improper input validation due to the sha.js package (CVE-2025-9288)

Summary Sha.js is used by Astronomer with IBM as part of the cryptographic processing functionality. Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CWE:CWE-20:...

Security Bulletin: Due to use of the sha.js library, IBM watsonx Code Assistant IDE Extensions is affected by Improper Input Validation vulnerability

Summary Sha.js is used internally by IBM watsonx Code Assistant IDE Extensions CVE-2025-9288 Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CWE:CWE-20: Improper Inpu...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288 Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js:...

EUVD-2025-25403

Malicious code in bioql PyPI...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : sha.js vulnerability (USN-7778-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7778-1 advisory. Nikita Skovoroda discovered that sha.js did not properly handle certain inputs. An attacker could possibly use this...

Debian: Security Advisory (DSA-6002-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 6002-1] node-sha.js security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6002-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2025 https://www.debian.org/security/faq -...

Debian dsa-6002 : node-sha.js - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6002 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6002-1 [email protected] https://www.debian.org/security/...

DLA-4302-1 node-sha.js - security update

Bulletin has no description...

DSA-6002-1 node-sha.js - security update

Bulletin has no description...

Debian: Security Advisory (DLA-4302-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-4302 : node-sha.js - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4302 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4302-1 [email protected] https://www.debian.org/lts/security/...

Linux Distros Unpatched Vulnerability : CVE-2025-9288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CVE-2025-9288 Note that Nessus relie...

SUSE CVE-2025-9288

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...