This page collects WhisperX intelligence signals tagged #npm-vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A medium-severity XML injection vulnerability in `fast-xml-parser` versions below 5.7.0 has been identified as reachable through a transitive dependency chain affecting `firebase-admin` deployments. The flaw, cataloged as GHSA-gh4j-gqv2-49f6 with a CVSS score of 6.1, allows attackers to inject malformed XML structures ...
A critical security vulnerability has been identified in Happy-DOM versions 19 and earlier, prompting urgent migration to version 20. The flaw, tracked as CVE-2025-61927 (GHSA-37j7-fg3j-429f), enables VM context escape that grants access to process-level functionality, creating a direct path to remote code execution on...