Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

alexghr

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found
CVE-2025-54313
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.59% / 88.99%
||
7 Day CHG+0.52%
Published-19 Jul, 2025 | 00:00
Updated-23 Jan, 2026 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-12||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Action-Not Available
Vendor-prettierun-tshomarralexghrprettierPrettierMicrosoft Corporation
Product-homarrgot-fetcheslint-config-prettierpkgr\/corewindowseslint-plugin-prettiernapi-postinstallsynckiteslint-config-prettiereslint-config-prettier
CWE ID-CWE-506
Embedded Malicious Code