{"uuid": "289697c2-61dc-410f-8343-aba0be87728d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "npm.js - account qix and duckdb_admin compromised and associated CVEs allocated", "description": "### CVE Assigned for the account compromised \n\nAccount compromised: [https://www.npmjs.com/~qix)](https://www.npmjs.com/~qix) and `duckdb_admin`  - [source code of the malware ](https://gist.github.com/sindresorhus/2b7466b1ec36376b8742dc711c24db20)\n\n-  DuckDB packages - https://github.com/duckdb/duckdb-node/security/advisories/GHSA-w62p-hx95-gf2c -  CVE-2025-59037 \n-  Prebid - prebid-universal-creative - https://vulnerability.circl.lu/vuln/CVE-2025-59039 - CVE-2025-59039\n-  Prebid.js - https://vulnerability.circl.lu/vuln/cve-2025-59038 - CVE-2025-59038\n\n### Package known to be compromised\n\n| Package                                                                  | Version |\n| ------------------------------------------------------------------------ | ------- |\n| [backslash](https://www.npmjs.com/package/backslash)                     | 0.2.1   |\n| [chalk-template](https://www.npmjs.com/package/chalk-template)           | 1.1.1   |\n| [supports-hyperlinks](https://www.npmjs.com/package/supports-hyperlinks) | 4.1.1   |\n| [has-ansi](https://www.npmjs.com/package/has-ansi)                       | 6.0.1   |\n| [simple-swizzle](https://www.npmjs.com/package/simple-swizzle)           | 0.2.3   |\n| [color-string](https://www.npmjs.com/package/color-string)               | 2.1.1   |\n| [error-ex](https://www.npmjs.com/package/error-ex)                       | 1.3.3   |\n| [color-name](https://www.npmjs.com/package/color-name)                   | 2.0.1   |\n| [is-arrayish](https://www.npmjs.com/package/is-arrayish)                 | 0.3.3   |\n| [slice-ansi](https://www.npmjs.com/package/slice-ansi)                   | 7.1.1   |\n| [color-convert](https://www.npmjs.com/package/color-convert)             | 3.1.1   |\n| [wrap-ansi](https://www.npmjs.com/package/wrap-ansi)                     | 9.0.1   |\n| [ansi-regex](https://www.npmjs.com/package/ansi-regex)                   | 6.2.1   |\n| [supports-color](https://www.npmjs.com/package/supports-color)           | 10.2.1  |\n| [strip-ansi](https://www.npmjs.com/package/strip-ansi)                   | 7.1.1   |\n| [chalk](https://www.npmjs.com/package/chalk)                             | 5.6.1   |\n| [debug](https://www.npmjs.com/package/debug)                             | 4.4.2   |\n| [ansi-styles](https://www.npmjs.com/package/ansi-styles)                 | 6.2.2   |", "creation_timestamp": "2025-09-10T13:18:37.562245+00:00", "timestamp": "2025-09-10T15:17:24.667821+00:00", "related_vulnerabilities": ["CVE-2025-59038", "CVE-2025-59039", "CVE-2025-59037", "GHSA-w62p-hx95-gf2c"], "author": {"login": "cedric", "name": "C\u00e9dric Bonhomme", "uuid": "af0120d0-3dac-4a6a-974b-a9f33d2a9846"}}