CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]
Researchers are warning of a critical remote code execution flaw in 'vm2', a JavaScript sandbox library downloaded over 16 million times per month via the NPM package repository. [...]
A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them