3 matches found
CVE-2025-59141 [email protected] contains malware after npm account takeover
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...
CVE-2025-59141
CVE-2025-59141 concerns the Node.js package simple-swizzle. An account takeover via phishing led to a malicious 0.2.3 release that, when used in browser contexts (e.g., direct script tags or bundlers), attempts to redirect cryptocurrency transactions to attacker-controlled addresses. Local/server...
PT-2024-37303
Name of the Vulnerable Software and Affected Versions: langchain-ai/langchain versions prior to 0.2.4 Description: A vulnerability in the FAISS.deserialize from bytes function allows for pickle deserialization of untrusted data, which can lead to the execution of arbitrary commands via the...