21 matches found
EUVD-2025-17579
Malicious code in bioql PyPI...
Malicious code in vue-cli-nb-no (npm)
The package vue-cli-nb-no was found to contain malicious code...
Malicious code in fin-vue-cli (npm)
The package fin-vue-cli was found to contain malicious code...
MAL-2025-38667 Malicious code in vue-cli-nb-no (npm)
The package vue-cli-nb-no was found to contain malicious code...
MAL-2025-20562 Malicious code in fin-vue-cli (npm)
The package fin-vue-cli was found to contain malicious code...
CVE-2025-5897
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
Regular Expression Denial Of Service (ReDoS)
@vue/cli-plugin-pwa is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to unsafe regex handling in the HtmlPwaPlugin component of the Markdown code handler, which can be exploited remotely to degrade performance...
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
@axeridev/flux-ui (>=0.0.7 <=0.4.3), @bpui/build-cli (=0.0.1) +21 more potentially affected by CVE-2025-5897 via @vue/cli-plugin-pwa (>=3.12.1 <=5.0.8)
@vue/cli-plugin-pwa NPM version =3.12.1, =0.0.7, =0.0.6, =0.0.14, =7.0.0-beta.3, =0.12.0-alpha.0, =0.1.2, =0.1.5, =0.1.5, =0.1.2, =7.0.0-beta.3, =2.0.0, =2.3.8 and more Source cves: CVE-2025-5897 Source advisory: OSV:GHSA-79VF-HF9F-J9Q8...
CVE-2025-5897
CVE-2025-5897 affects the Vue CLI (vue-cli) up to version 5.0.8, specifically the HtmlPwaPlugin.js in the Markdown Code Handler. The issue is an inefficient regular expression handling that can enable a Regular Expression Denial of Service (ReDoS) scenario and may be triggered remotely. Multiple ...
CVE-2025-5897 vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
CVE-2025-5897 vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...
vuejs Vue CLI 安全漏洞
vuejs Vue CLI is a webpack-based Vue.js development tool open-sourced by Vue. A security vulnerability exists in vuejs Vue CLI version 5.0.8 and earlier, which stems from an inefficient regular expression complexity in the function HtmlPwaPlugin...
Malicious code in vue-cli-plugin-lint-staged (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb4c725718310cb969ec6171fad585bea2b58fc7d4460be6b706cb8529356d7a The OpenSSF Package Analysis project identified 'vue-cli-plugin-lint-staged' @ 9.9.7 npm as malicious. It is considered malicious because: - The...
MAL-2024-11893 Malicious code in vue-cli-plugin-lint-staged (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb4c725718310cb969ec6171fad585bea2b58fc7d4460be6b706cb8529356d7a The OpenSSF Package Analysis project identified 'vue-cli-plugin-lint-staged' @ 9.9.7 npm as malicious. It is considered malicious because: - The...
Malicious code in vue-cli-plugin-changelog (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11486 Malicious code in vue-cli-plugin-changelog (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @authentication-pages/vue-cli-prebuild (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3c92ef13745278b15d59dfa706f96df5f1c3bb0261c9471d3e56eaa1449059e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8 Malicious code in @authentication-pages/vue-cli-prebuild (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3c92ef13745278b15d59dfa706f96df5f1c3bb0261c9471d3e56eaa1449059e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware
Researchers are tracking a number of open-source "protestware" projects on GitHub that have recently altered their code to display "Stand with Ukraine" messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to...