npm package
@duckdb/node-api
pkg:npm/%40duckdb/node-api
Malware
2 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- GHSA-6rwc-3xrf-pxv6Duplicate Advisory: Malware in @duckdb/node-apiSep 9, 2025
- MAL-2025-46992Malicious code in @duckdb/node-api (npm)Sep 9, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59037 | Hig | — | >= 1.3.3, < 1.3.4-alpha.27 | 1.3.4-alpha.27 | Sep 9, 2025 | DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of DuckDB's packages that included mali |
- affected >= 1.3.3, < 1.3.4-alpha.27fixed 1.3.4-alpha.27
DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of DuckDB's packages that included mali