Approved changes feed: RSS · Atom

cpe:2.3:a:alexghr:got-fetch:5.1.2:*:*:*:*:node.js:*:*

part: a version: 5.1.2 update: *

VendorAlexghr (217b7017-1b20-5faf-8758-3ae5d1fe5eae)
ProductGot Fetch (b7ae979f-986b-5533-8cd5-2026d6546dc9)
Edition*
Language*
Software edition*
Target softwarenode.js
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/alexghr/got-fetch purl2cpe 2026-06-01 10:12:21.160338

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-54313 vulnerable 2026-06-08 07:33:12.340356 Details available
HIGH (7.5)
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
Published: 2025-07-19T00:00:00.000Z
Updated: 2026-02-26T17:50:26.767Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.