| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-59141 | simple-swizzle@0.2.3 contains malware after npm account takeover | Qix- | node-simple-swizzle | - | - | 2025-09-15 19:09:59 | Deep Dive |
| CVE-2025-59140 | backslash@0.2.1 contains malware after npm account takeover | Qix- | node-backslash | - | - | 2025-09-15 19:09:54 | Deep Dive |
| CVE-2025-59037 | DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware | duckdb | duckdb-node | - | - | 2025-09-09 20:26:58 | Deep Dive |
| CVE-2025-54798 | tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter | raszi | node-tmp | Low | 2.5 | 2025-08-07 00:04:35 | Deep Dive |
| CVE-2025-54419 | Node-SAML Contains SAML Signature Verification Vulnerability | node-saml | node-saml | Critical | 10.0 | 2025-07-28 19:47:47 | Deep Dive |
| CVE-2025-27210 | Node.js 路径遍历漏洞 | nodejs | node | - | - | 2025-07-18 22:54:27 | Deep Dive |
| CVE-2025-27209 | Node.js 安全漏洞 | nodejs | node | 高危 | - | 2025-07-18 22:54:27 | Deep Dive |
| CVE-2025-53372 | node-code-sandbox-mcp has a Sandbox Escape via Command Injection | alfonsograziano | node-code-sandbox-mcp | High | 7.5 | 2025-07-08 14:54:42 | Deep Dive |
| CVE-2025-48013 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065 | Drupal | Quick Node Block | - | - | 2025-06-11 14:20:06 | Deep Dive |
| CVE-2025-48444 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-064 | Drupal | Quick Node Block | - | - | 2025-06-11 14:19:21 | Deep Dive |
| CVE-2025-23165 | Node.js 安全漏洞 | nodejs | node | 低危 | - | 2025-05-19 01:25:09 | Deep Dive |
| CVE-2025-23166 | Node.js 安全漏洞 | nodejs | node | 中危 | - | 2025-05-19 01:25:08 | Deep Dive |
| CVE-2025-23167 | Node.js 安全漏洞 | nodejs | node | 中危 | - | 2025-05-19 01:25:08 | Deep Dive |
| CVE-2025-46653 | formidable 安全特征问题漏洞 | node-formidable | Formidable | Low | 3.1 | 2025-04-26 00:00:00 | Deep Dive |
| CVE-2025-29775 | xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment | node-saml | xml-crypto | 高危 | - | 2025-03-14 17:11:06 | Deep Dive |
| CVE-2025-29774 | xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References | node-saml | xml-crypto | 高危 | - | 2025-03-14 17:05:54 | Deep Dive |
| CVE-2025-2189 | Information Disclosure Vulnerability in Tinxy Smart Devices | Mogify Infotech | Tinxy Wi-Fi Lock Controller v1 RF | 中危 | - | 2025-03-11 11:40:20 | Deep Dive |
| CVE-2025-24876 | Authentication bypass via authorization code injection in SAP Approuter | SAP_SE | SAP Approuter Node.js package | High | 8.1 | 2025-02-11 00:37:41 | Deep Dive |
| CVE-2025-23085 | Node.js 安全漏洞 | NodeJS | Node | 中危 | - | 2025-02-07 07:09:26 | Deep Dive |
| CVE-2025-23084 | Node.js 安全漏洞 | NodeJS | Node | 中危 | - | 2025-01-28 04:35:15 | Deep Dive |