| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists. |
| node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used. |
