VYPR

npm package

debug

pkg:npm/debug

Malware

3 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (3)

  • CVE-2025-59144HigSep 15, 2025
    affected >= 4.4.2, < 4.4.3fixed 4.4.3

    debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cr

  • CVE-2017-20165Jan 9, 2023
    affected >= 3.0.0, < 3.1.0fixed 3.1.0

    A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to addr

  • CVE-2017-16137MedJun 7, 2018
    affected < 2.6.9fixed 2.6.9

    The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.