WhisperX tag archive

#npm vulnerability

This page collects WhisperX intelligence signals tagged #npm vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (3)

The Lab · 2026-04-10 01:39:39 · GitHub Issues

1. Kibana 2 Project Dependency yaml 2.5.1 Contains Exploitable CVE-2026-33532 Vulnerability

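In the Kibana 2 project repository maintained by amaybaum-prod, a key dependency has been flagged as containing an exploitable security vulnerability. The `yaml-2.5.1.tgz` library currently used by the project contains a vulnerability identified as CVE-2026-33532, with a CVSS score of 4.3 (medium severity). The security scanning tool explicitly flags the vulnerability as "exploitable", meaning an attacker could potentially trigger it through a specific code path. The dependency is introduced through the project's `/package.json` file and is present in the latest commit (dd41e44), indicating an active, unfixed risk. This vulnerability directly affects `yaml`, the YAML parsing and serialization library widely used in the JavaScript ecosystem. Although a score of 4.3 is medium risk, the "...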

The Lab · 2026-04-29 10:54:14 · GitHub Issues

2. Aikido Patches Critical Randomness Flaw in form-data Library, Resolving CVE-2025-7783

Aikido has resolved a critical vulnerability in the popular form-data npm library through a minor version upgrade from 4.0.0 to 4.0.4. The security flaw, tracked as CVE-2025-7783, stems from the use of insufficiently random values that expose applications to HTTP Parameter Pollution (HPP) attacks. The vulnerability was...

The Lab · 2026-05-12 13:18:26 · Mastodon:mastodon.social:#infosec

3. CVE-2026-8162: Critical DoS Vulnerability in multiparty npm Package Allows Server Crash via Malformed Request

A critical denial-of-service vulnerability has been identified in the popular multiparty npm package, potentially exposing countless Node.js applications to remote crash attacks. The flaw, tracked as CVE-2026-8162 with a CVSS score of 7.5 (High), affects all versions of multiparty up to and including version 4.2.3. Th...