@1wen/tools (>=3.11.3 <=3.11.32), @2en/clawly-plugins (>=1.1.0 <=1.49.0-beta.4) +679 more potentially affected by CVE-2025-13437 via zx (>=1.14.2 <=8.8.5-lite)

zx NPM version =1.14.2, =3.11.3, =1.1.0, =0.1.1, =0.1.0, =0.0.2, =0.0.1, =0.8.0, =1.0.0, =1.0.0, =0.0.3, =0.4.0, =1.0.1, =1.0.5 and more Source cves: CVE-2025-13437 Source advisory: OSV:GHSA-W87R-VG9Q-CRQM...

@dadigua/hyper-chat (>=1.2.3 <=1.2.16), @rse/closingcredits (>=1.0.1 <=1.0.5) +3 more potentially affected by CVE-2025-13437 via zx (>=8.0.0 <=8.1.0)

zx NPM version =8.0.0, =1.2.3, =1.0.1, =2.15.6, =2.15.6, =3.0.5, =3.0.10 Source cves: CVE-2025-13437 Source advisory: SNYK:JS-ZX-14089787...

Linux Distros Unpatched Vulnerability : CVE-2025-24959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env...