Lucene search
K

4 matches found

OSV
OSV
added 2025/09/15 7:21 p.m.13 views

CVE-2025-59331 [email protected] contains malware after npm account takeover

is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...

8.8CVSS6.7AI score0.00378EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/06/06 12:0 a.m.4 views

PT-2022-19503 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.4 Description: The issue arises when calling an external contract with no return value, potentially resulting in the contract address being evaluated twice, including any side effects. This could lead to incorrect...

8.7CVSS7.4AI score0.01209EPSS
Exploits1References10
OSV
OSV
added 2017/10/24 6:33 p.m.1 views

GHSA-HJCP-J389-59FF Regular Expression Denial of Service in marked

Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service ReDoS vulnerability when passed inputs that reach the em inline rule. Recommendation Update to version 0.3.4 or later...

7.5CVSS6.7AI score0.04334EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2010/07/02 12:0 a.m.5 views

PT-2010-4051 · Python · Mako

Name of the Vulnerable Software and Affected Versions: Mako versions prior to 0.3.4 Description: The issue makes it easier for remote attackers to conduct cross-site scripting XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. This ...

5.3CVSS4.9AI score0.01809EPSS
Exploits0References16
Rows per page
Query Builder