4 matches found
CVE-2025-59331 [email protected] contains malware after npm account takeover
is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
PT-2022-19503 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.4 Description: The issue arises when calling an external contract with no return value, potentially resulting in the contract address being evaluated twice, including any side effects. This could lead to incorrect...
GHSA-HJCP-J389-59FF Regular Expression Denial of Service in marked
Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service ReDoS vulnerability when passed inputs that reach the em inline rule. Recommendation Update to version 0.3.4 or later...
PT-2010-4051 · Python · Mako
Name of the Vulnerable Software and Affected Versions: Mako versions prior to 0.3.4 Description: The issue makes it easier for remote attackers to conduct cross-site scripting XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. This ...