Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
sonatype-2025-006257 | Security Details | Sonatype Guide | Sonatype Guide
Vulnerabilities
sonatype-2025-006257
sonatype-2025-006257
NPM Security Holding Packages - Fri Nov 14 2025
Published Nov 14, 2025
https://help.sonatype.com/en/sonatype-malware-data.html
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-124963.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-127107.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-127878.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-129547.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-129642.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-131418.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-132392.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-132447.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-132805.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-133536.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-135075.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-135225.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-137946.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-138001.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-138441.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-51098.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-51220.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-52719.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-54145.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-54256.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-54764.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-62869.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-65583.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-66090.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-66176.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-87818.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-88009.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-92807.json
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-96552.json
CVSS Score
Critical
10.0
Security Details
Security Details
Components Impacted
Components Impacted
Sonatype Research
Sonatype Research
sonatype-2025-006257 Security Details
CVE ID
sonatype-2025-006257
CWE
N/A
CVE Description
NPM Security Holding Packages - Fri Nov 14 2025
Published
Nov 14, 2025
CVSS Score & Severity
10.0
Critical
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0%
Malware
malware
KEV Status
Not in KEV Catalog: No known exploits
Affected Ecosystems
affected
Source
Sonatype
References
https://help.sonatype.com/en/sonatype-malware-data.html
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-124963.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-127107.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-127878.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-129547.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-129642.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-131418.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-132392.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-132447.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-132805.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-133536.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-135075.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-135225.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-137946.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-138001.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-138441.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-51098.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-51220.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-52719.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-54145.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-54256.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-54764.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-62869.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-65583.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-66090.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-66176.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-87818.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-88009.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-92807.json
THIRD_PARTY
https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-96552.json
THIRD_PARTY
