ByteOS Network

pkgr\/core

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-54313

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-4.59% / 88.99%

7 Day CHG+0.52%

Published-19 Jul, 2025 | 00:00

Updated-23 Jan, 2026 | 18:33

Known KEV||Action Due Date - 2026-02-12||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Vendor-prettier un-ts homarr alexghr prettier Prettier Microsoft Corporation

Product-homarr got-fetch eslint-config-prettier pkgr\/core windows eslint-plugin-prettier napi-postinstall synckit eslint-config-prettier eslint-config-prettier

CWE ID-CWE-506

Embedded Malicious Code