| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
