The product contains code that appears to be malicious in nature.
85 vulnerabilities with CWE-506
CVE-2025-59037
HIGH
DuckDB Node.js Packages 1.3.3 and 1.29.2 - Embedded Malicious Code
CVE-2025-8217
MEDIUM
Amazon Q Developer VS Code <1.85.0 - Info Disclosure
CVSS 4.0
CVE-2025-54313
HIGH
KEV
eslint-config-prettier <10.1.7 - Code Injection
CVSS 7.5
CVE-2025-32965
CRITICAL
xrpl.js <4.2.1-4.2.4, 2.14.2 - Code Injection
CVE-2025-30154
HIGH
KEV
reviewdog/action-setup - Embedded Malicious Code via Compromised GitHub Action
CVSS 8.6
CVE-2025-30066
HIGH
KEV
tj-actions changed-files < 46 - Unauthenticated Secret Exposure via Malicious Commit
CVSS 8.6
CVE-2024-10938
MEDIUM
OVRI Payment 1.7.0 - Malicious File Execution
CVSS 6.5
CVE-2024-4978
HIGH
KEV
Justice AV Solutions Viewer Setup <8.3.7.250-1 - Code Injection
CVSS 8.4
CVE-2024-3094
CRITICAL
xz <5.6.0 - Code Injection
CVSS 10.0
CVE-2023-2003
CRITICAL
Unitronics Vision1210 Firmware 4.3 Build 5 - Remote Code Execution via PCOM Protocol
CVSS 9.1
CVE-2021-22887
LOW
Pulse Secure PSA5000/PSA7000 - Privilege Escalation
CVSS 2.3
CVE-2020-15165
CRITICAL
Chameleon Mini Live Debugger <1.1.6 - Info Disclosure
CVSS 9.3
CVE-2018-25117
CRITICAL
Vesta Control Panel a3f0fa1-ee03eff - Embedded Malicious Code via Compromised Installer
CVE-2017-20203
CRITICAL
NetSarang Xmanager Enterprise/Xshell/Xftp/Xlpd <5.0 - RCE
CVE-2017-20202
CRITICAL
Web Developer for Chrome <0.4.9 - Code Injection
CVE-2017-20201
CRITICAL
CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 (32-bit) - RCE
CVE-2017-16207
HIGH
discordi.js - Embedded Malicious Code
CVSS 7.3
CVE-2017-16205
HIGH
Coffeescript - Info Disclosure
CVSS 7.5
CVE-2017-16204
HIGH
jquey - Unauthorized Sensitive Data Exfiltration During Installation
CVSS 7.5
CVE-2017-16203
HIGH
coffescript - Exposure of Sensitive Information via Installation Process
CVSS 7.5
CVE-2017-16202
HIGH
cofeescript - Unauthorized Sensitive Data Exposure via Installation Process
CVSS 7.5
CVE-2017-16128
CRITICAL
npm-script-demo - Command Injection
CVSS 9.8
CVE-2017-16081
HIGH
cross-env.js - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16080
HIGH
nodesass - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16079
HIGH
smb - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
Details
Vulnerabilities
85