VYPR
Vendor

Qix

Products
7
CVEs
6
Across products
6
Status
Private

Products

7

Recent CVEs

6
  • CVE-2025-59331HigSep 15, 2025
    risk 0.57cvss epss 0.00

    is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added…

  • CVE-2025-59330HigSep 15, 2025
    risk 0.57cvss epss 0.00

    error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added…

  • CVE-2025-59162HigSep 15, 2025
    risk 0.57cvss epss 0.00

    color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware…

  • CVE-2025-59143HigSep 15, 2025
    risk 0.57cvss epss 0.00

    color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added…

  • CVE-2025-59141HigSep 15, 2025
    risk 0.57cvss epss 0.00

    simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting…

  • CVE-2025-59140HigSep 15, 2025
    risk 0.57cvss epss 0.00

    backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to…