Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
sonatype-2025-005902 | Security Details | Sonatype Guide | Sonatype Guide
Vulnerabilities
sonatype-2025-005902
sonatype-2025-005902
NPM Security Holding Packages - Fri Nov 14 2025
Published Nov 14, 2025
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-101718.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-108095.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-114021.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-114125.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-116216.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-117494.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-121105.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-122937.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-123013.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-126230.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-127071.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-127170.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-128140.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-129135.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-129609.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-54209.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-57869.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-66756.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-67009.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-67363.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-69349.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-70292.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-76645.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-78442.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-78493.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-79069.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-79653.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-81125.json
CVSS Score
Critical
10.0
Security Details
Security Details
Components Impacted
Components Impacted
Sonatype Research
Sonatype Research
sonatype-2025-005902 Security Details
CVE ID
sonatype-2025-005902
CWE
N/A
CVE Description
NPM Security Holding Packages - Fri Nov 14 2025
Published
Nov 14, 2025
CVSS Score & Severity
10.0
Critical
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0%
Malware
malware
KEV Status
Not in KEV Catalog: No known exploits
Affected Ecosystems
affected
Source
Sonatype
References
https://help.sonatype.com/en/sonatype-malware-data.html
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-101718.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-108095.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-114021.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-114125.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-116216.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-117494.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-121105.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-122937.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-123013.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-126230.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-127071.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-127170.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-128140.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-129135.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-129609.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-54209.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-57869.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-66756.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-67009.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-67363.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-69349.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-70292.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-76645.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-78442.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-78493.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-79069.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-79653.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-81125.json
THIRD_PARTY
