Harborist has published a new CVE: www.cve.org/CVERecord?id... This is on all versions v1.0.4 and below of the npmjs.com/cipher-base package. NOTE: this applies to all node and browser versions; please upgrade to v1.0.6 or later!

Harborist has published a new CVE: www.cve.org/cverecord?id... This is on all versions of the npmjs.com/form-data package, on all node versions. Please note: node 18+ and all modern browsers (caniuse.com?search=formd...) have FormData built in - please consider migrating to it!

Harborist has just published its first two CVEs: www.cve.org/CVERecord?id... www.cve.org/CVERecord?id... Both are on npmjs.com/pbkdf2, please update to v3.1.3!

Harborist is now a CVE Numbering Authority (CNA) assigning CVE IDs for all projects listed under www.npmjs.com/~ljharb cve.org/Media/News/i... #cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity