20 matches found
Malicious code in undefsafe-typed (npm)
Source: amazon-inspector 71757e5cdef13d215b8506dfd5b00831fc29a7a24e208472c79fd40c2abe7967 The package undefsafe-typed was found to contain malicious code. Source: ghsa-malware 1a19664890dd6d9bba23c333e1095114841ef498dec4eaa02c1bff38bc80aa4...
MAL-2025-190937 Malicious code in undefsafe-typed (npm)
Source: amazon-inspector 71757e5cdef13d215b8506dfd5b00831fc29a7a24e208472c79fd40c2abe7967 The package undefsafe-typed was found to contain malicious code. Source: ghsa-malware 1a19664890dd6d9bba23c333e1095114841ef498dec4eaa02c1bff38bc80aa4...
EUVD-2025-199004
Malicious code in undefsafe-typed npm...
@everreal/react-charts (>=1.0.0 <=1.0.1-ff20697), @everreal/web-analytics (>=0.0.3 <=0.0.12) +1 more potentially affected by unknown CVE via undefsafe-typed (=1.0.2)
undefsafe-typed NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on undefsafe-typed and may be impacted: - @everreal/react-charts =1.0.0, =0.0.3, =1.1.17, =1.2.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190937...
@everreal/react-charts (>=1.0.0 <=1.0.1-ff20697), @everreal/web-analytics (>=0.0.3 <=0.0.12) +1 more potentially affected by unknown CVE via undefsafe-typed (=1.0.2)
undefsafe-typed NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on undefsafe-typed and may be impacted: - @everreal/react-charts =1.0.0, =0.0.3, =1.1.17, =1.2.5 Source cves: unknown CVE Source advisory: SNYK:JS-UNDEFSAFETYPED-14103745...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2022-0772
Malicious code in bioql PyPI...
CVE-2019-10795
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
Prototype Pollution in undefsafe
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
@aaa-backend-stack/build-tools (>=1.16.0 <=2.4.4), @aaa-backend-stack/devtools (>=1.16.0 <=2.4.4) +141 more potentially affected by CVE-2019-10795 via undefsafe (>=0.0.2 <=2.0.1)
undefsafe NPM version =0.0.2, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2019-10795 Source advisory: OSV:GHSA-332Q-7FF2-57H2...
GHSA-332Q-7FF2-57H2 Prototype Pollution in undefsafe
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
Undefsafe has an unspecified vulnerability
Undefsafe is a function that supports setting values. A security vulnerability exists in versions of Undefsafe prior to 2.0.3. An attacker can exploit the vulnerability to add or modify Object.prototype properties with the help of the 'a' function...
CVE-2019-10795
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
CVE-2019-10795
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
AZL-44064 CVE-2019-10795 affecting package nodejs-nodemon 2.0.3-5
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
Design/Logic Flaw
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
CVE-2019-10795
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
CVE-2019-10795
CVE-2019-10795 affects undefsafe prior to 2.0.3. Prototype pollution possible via the a() function using a __proto__ payload to add/modify Object.prototype properties. Impact: remote attacker could manipulate global objects; CVSS ~6.3 (3.1) in provided metrics. Remediation: upgrade undefsafe to 2.0.3...
@zambezi/jsbin (=3.40.4-ez-bin.5), pin-api (>=1.1.0 <=1.3.1) potentially affected by CVE-2019-10795 via undefsafe (>=2.0.0 <=2.0.1)
undefsafe NPM version =2.0.0, =1.1.0, =1.3.1 Source cves: CVE-2019-10795 Source advisory: SNYK:JS-UNDEFSAFE-548940...
Prototype Pollution
Overview: undefsafe is a simple function for retrieving deep object properties without getting "Cannot read property 'X' of undefined". Affected versions of this package are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype...