EUVD-2019-0457
Malware in sbrugna...
Malicious code in melkikh-verdaccio-dc (npm)
The package melkikh-verdaccio-dc was found to contain malicious code...
MAL-2025-26170 Malicious code in melkikh-verdaccio-dc (npm)
The package melkikh-verdaccio-dc was found to contain malicious code...
CVE-2019-14772
verdaccio before 3.12.0 allows XSS...
@adpt/testutils (>=0.1.0-next.1 <=0.4.0-next.6), @lavamoat/git-safe-dependencies (>=0.1.1 <=0.2.1) +6 more potentially affected by CVE-2025-4759 via lockfile-lint-api (>=1.0.7 <=5.9.1)
lockfile-lint-api (npm) versions =1.0.7, =0.1.0-next.1, =0.1.1, =1.0.0, =4.3.1-test1, =1.3.0, =1.0.1, =4.2.2, =4.3.1, =4.7.0. Source CVEs: CVE-2025-4759. Source advisory: OSV:GHSA-7CFR-5CJF-32P4...
@falkor/falkor-auth-server (=1.1.1), @figedi/sentry-fastify (=1.0.6) +6 more potentially affected by CVE-2022-41919 via fastify (>=4.0.2 <=4.10.0)
fastify (npm) versions =4.0.2, =0.0.2, =0.0.16; verdaccio =6.0.0-6-next.52. Source CVEs: CVE-2022-41919. Source advisory: OSV:GHSA-3FJJ-P79J-C9HH...
Cross-site Scripting (XSS)
verdaccio is vulnerable to cross-site scripting (XSS). The vulnerability exists because values such as props.readMe were not sanitized...
verdaccio cross-site scripting vulnerability
verdaccio is a lightweight private npm registry. A cross-site scripting vulnerability exists in versions prior to verdaccio 3.12.0. It stems from a lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...
Cross-site scripting
verdaccio before 3.12.0 allows XSS...
CVE-2019-14772
Verdaccio (npm private registry) before version 3.12.0 is vulnerable to Cross-Site Scripting (XSS) due to insufficient validation of client-side data by the web application. The issue affects Verdaccio instances running 3.12.0 or migrating to major version >=4.0.0 to fix the vulnerability. No ...
@cloudideaas/hydra (>=1.0.1 <=1.0.22), @drubin/verdaccio-gitlab (=0.0.4) +5 more potentially affected by CVE-2019-14772 via verdaccio (=2.7.4)
verdaccio (npm) version =2.7.4 is affected by a known vulnerability. The following packages have a transitive dependency on verdaccio and may be impacted: @cloudideaas/hydra =1.0.1, =0.0.0, =0.0.1, =1.0.7, =1.0.24. Source CVEs: CVE-2019-14772. Source advisory: OSV:GHSA-78J5-GCMF-VQC8...
Cross-Site Scripting
Overview: Versions of verdaccio prior to 3.12.0 are vulnerable to Cross-Site Scripting. Links for the package homepage are not properly restricted to http/https and can contain JavaScript, which may lead to arbitrary code execution.
Recommendation: Upgrade to version 3.12.0 or later.
References...
Cross-Site Scripting
Overview: Versions of verdaccio prior to 3.12.0 are vulnerable to Cross-Site Scripting. Contents of READMEs are not properly sanitized before rendering, which may allow attackers to execute arbitrary JavaScript code.
Recommendation: Upgrade to version 3.12.0 or later...