OSV - Open Source Vulnerabilities

GHSA-733v-p3h5-qpq7

npm/@escape.tech/graphql-armor-cost-limit

GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation

5 hours ago

No fix available
Severity - 5.3 (Medium)

GHSA-cpj6-fhp6-mr6j

npm/react-router

React Router allows pre-render data spoofing on React-Router framework mode

yesterday

Fix available
Severity - 8.2 (High)

GHSA-f46r-rw29-r322

npm/react-router

React Router allows a DoS via cache poisoning by forcing SPA mode

yesterday

Fix available
Severity - 7.5 (High)

GHSA-pj3v-9cm8-gvj8

npm/@trpc/server

tRPC 11 WebSocket DoS Vulnerability

yesterday

Fix available
Severity - 8.7 (High)

MAL-2025-3297

npm/keypair-encryptor

Malicious code in keypair-encryptor (npm)

yesterday

No fix available

MAL-2025-3296

npm/@template-builder/iframe-api

Malicious code in @template-builder/iframe-api (npm)

yesterday

No fix available

GHSA-v64v-fq96-c5wv

npm/@posthog/plugin-server

PostHog Plugin Server SQL Injection Vulnerability

2 days ago

No fix available
Severity - 7.1 (High)

MAL-2025-3280

npm/euf-ele-hf

Malicious code in euf-ele-hf (npm)

2 days ago

No fix available

GHSA-8cc4-rfj6-fhg4

npm/pnpm

pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

2 days ago

Fix available
Severity - 6.5 (Medium)

MAL-2025-3290

npm/nsdhqhlqqka

Malicious code in nsdhqhlqqka (npm)

2 days ago

No fix available

MAL-2025-3294

npm/windpapi-prebuild

Malicious code in windpapi-prebuild (npm)

2 days ago

No fix available

MAL-2025-3286

npm/ds-sudqusdqhsdhqsdzoqi

Malicious code in ds-sudqusdqhsdhqsdzoqi (npm)

2 days ago

No fix available

MAL-2025-3291

npm/quaoqpdizoqsqdqsd

Malicious code in quaoqpdizoqsqdqsd (npm)

2 days ago

No fix available

MAL-2025-3293

npm/watch-test-unit

Malicious code in watch-test-unit (npm)

2 days ago

No fix available

MAL-2025-3284

npm/com.adjust.test

Malicious code in com.adjust.test (npm)

2 days ago

No fix available

MAL-2025-3292

npm/vertex-lba

Malicious code in vertex-lba (npm)

2 days ago

No fix available