CVE-2025-54313

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-54313

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54313.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-54313

Aliases

GHSA-f29h-pxvx-f335

Published

2025-07-19T17:15:23.733Z

Modified

2026-04-10T05:34:10.663490Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N CVSS Calculator

Summary

[none]

Details

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

References

Affected packages

Git / github.com/alexghr/got-fetch

Affected ranges

Type

GIT

Repo

https://github.com/alexghr/got-fetch

Events

Introduced

Last affected

91d71081b3185a6bf9c6765512947789de0f2f2a

Introduced

Last affected

f553ecde7c2dd5e7c48f166e53bb310540b42aaa

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.1.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/homarr-labs/homarr

Events

Introduced

c2305d4e276e3627c18c3aaa4cbcfbb1d6388570

Fixed

fd62524db309429db1f233b1d0feb8e6ab4efd2d

Database specific

{
    "versions": [
        {
            "introduced": "1.29.0"
        },
        {
            "fixed": "1.30.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/un-ts/pkgr

Events

Introduced

Last affected

d114886817220e2fe6c5737460edac13527096a5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.8"
        }
    ]
}

Type

GIT

Repo

https://github.com/un-ts/synckit

Events

Introduced

Last affected

ebfb59dbf42f665d51e771e46dd1272b178c8295

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.1"
        }
    ]
}

Affected versions

@pkgr/es-modules@0.*

@pkgr/es-modules@0.1.0

@pkgr/es-modules@0.2.0

@pkgr/es-modules@0.2.1

@pkgr/es-modules@0.2.2

@pkgr/es-modules@0.2.3

@pkgr/imagemin@0.*

@pkgr/imagemin@0.1.0

@pkgr/imagemin@0.1.1

@pkgr/imagemin@0.1.2

@pkgr/imagemin@0.1.3

@pkgr/imagemin@0.1.4

@pkgr/imagemin@0.2.0

@pkgr/imagemin@0.3.0

@pkgr/imagemin@0.3.1

@pkgr/imagemin@0.3.2

@pkgr/imagemin@0.3.3

@pkgr/imagemin@0.3.4

@pkgr/imagemin@0.3.5

@pkgr/imagemin@0.3.6

@pkgr/imagemin@0.3.7

@pkgr/named-exports@0.*

@pkgr/named-exports@0.1.0

@pkgr/named-exports@0.2.0

@pkgr/named-exports@0.2.1

@pkgr/named-exports@0.2.2

@pkgr/named-exports@0.2.3

@pkgr/named-exports@0.3.0

@pkgr/named-exports@0.4.0

@pkgr/named-exports@0.4.1

@pkgr/named-exports@0.4.2

@pkgr/named-exports@0.4.3

@pkgr/rollup@0.*

@pkgr/rollup@0.1.0

@pkgr/rollup@0.2.0

@pkgr/rollup@0.2.1

@pkgr/rollup@0.2.2

@pkgr/rollup@0.2.3

@pkgr/rollup@0.2.4

@pkgr/rollup@0.2.5

@pkgr/rollup@0.2.6

@pkgr/rollup@0.3.0

@pkgr/rollup@0.4.0

@pkgr/rollup@0.6.0

@pkgr/rollup@0.6.1

@pkgr/rollup@0.6.2

@pkgr/rollup@0.6.3

@pkgr/rollup@0.6.4

@pkgr/rollup@0.6.5

@pkgr/rollup@0.6.6

@pkgr/rollup@0.6.7

@pkgr/rollup@0.7.0

@pkgr/rollup@0.8.0

@pkgr/rollup@0.8.1

@pkgr/rollup@0.8.10

@pkgr/rollup@0.8.2

@pkgr/rollup@0.8.3

@pkgr/rollup@0.8.4

@pkgr/rollup@0.8.5

@pkgr/rollup@0.8.6

@pkgr/rollup@0.8.7

@pkgr/rollup@0.8.8

@pkgr/rollup@0.9.0

@pkgr/rollup@0.9.1

@pkgr/rollup@0.9.2

@pkgr/rollup@0.9.3

@pkgr/rollup@0.9.4

@pkgr/rollup@0.9.5

@pkgr/umd-globals@0.*

@pkgr/umd-globals@0.1.0

@pkgr/umd-globals@0.2.0

@pkgr/umd-globals@0.2.1

@pkgr/umd-globals@0.2.2

@pkgr/umd-globals@0.3.0

@pkgr/umd-globals@0.3.1

@pkgr/umd-globals@0.3.2

@pkgr/utils@0.*

@pkgr/utils@0.1.0

@pkgr/utils@0.1.1

@pkgr/utils@0.1.2

@pkgr/utils@0.1.3

@pkgr/utils@0.1.4

@pkgr/utils@0.2.0

@pkgr/utils@0.2.1

@pkgr/utils@0.2.2

@pkgr/utils@0.3.0

@pkgr/utils@0.3.1

@pkgr/utils@0.3.2

@pkgr/utils@0.3.3

@pkgr/utils@0.3.4

@pkgr/utils@0.3.5

@pkgr/utils@0.3.6

@pkgr/utils@0.3.7

@pkgr/utils@0.3.8

@pkgr/webpack-angular@0.*

@pkgr/webpack-angular@0.1.0

@pkgr/webpack-angular@0.1.1

@pkgr/webpack-angular@0.1.2

@pkgr/webpack-angular@0.1.3

@pkgr/webpack-angular@0.1.4

@pkgr/webpack-angular@0.1.5

@pkgr/webpack-angular@0.1.6

@pkgr/webpack-angular@0.1.8

@pkgr/webpack-angular@0.2.0

@pkgr/webpack-angular@0.2.1

@pkgr/webpack-angular@0.2.2

@pkgr/webpack-angular@0.2.3

@pkgr/webpack-mdx@0.*

@pkgr/webpack-mdx@0.1.0

@pkgr/webpack-mdx@0.1.1

@pkgr/webpack-mdx@0.1.2

@pkgr/webpack-mdx@0.1.3

@pkgr/webpack-mdx@0.1.4

@pkgr/webpack-mdx@0.1.5

@pkgr/webpack-mdx@0.1.6

@pkgr/webpack-mdx@0.1.8

@pkgr/webpack-mdx@0.2.0

@pkgr/webpack-mdx@0.2.1

@pkgr/webpack-mdx@0.2.2

@pkgr/webpack-mdx@0.2.3

@pkgr/webpack-mdx@0.2.4

@pkgr/webpack-react@0.*

@pkgr/webpack-react@0.1.0

@pkgr/webpack-react@0.2.0

@pkgr/webpack-react@0.2.1

@pkgr/webpack-react@0.2.10

@pkgr/webpack-react@0.2.11

@pkgr/webpack-react@0.2.2

@pkgr/webpack-react@0.2.3

@pkgr/webpack-react@0.2.4

@pkgr/webpack-react@0.2.5

@pkgr/webpack-react@0.2.7

@pkgr/webpack-react@0.2.8

@pkgr/webpack-react@0.2.9

@pkgr/webpack-svelte@0.*

@pkgr/webpack-svelte@0.1.0

@pkgr/webpack-svelte@0.1.1

@pkgr/webpack-svelte@0.1.2

@pkgr/webpack-svelte@0.1.3

@pkgr/webpack-svelte@0.1.4

@pkgr/webpack-svelte@0.1.5

@pkgr/webpack-svelte@0.1.6

@pkgr/webpack-svelte@0.1.7

@pkgr/webpack-vue@0.*

@pkgr/webpack-vue@0.1.0

@pkgr/webpack-vue@0.2.0

@pkgr/webpack-vue@0.2.1

@pkgr/webpack-vue@0.2.2

@pkgr/webpack-vue@0.2.3

@pkgr/webpack-vue@0.2.4

@pkgr/webpack-vue@0.2.5

@pkgr/webpack-vue@0.2.6

@pkgr/webpack-vue@0.2.7

@pkgr/webpack-vue@0.2.8

@pkgr/webpack@0.*

@pkgr/webpack@0.1.0

@pkgr/webpack@0.1.1

@pkgr/webpack@0.1.2

@pkgr/webpack@0.2.0

@pkgr/webpack@0.2.1

@pkgr/webpack@0.2.2

@pkgr/webpack@0.2.3

@pkgr/webpack@0.2.4

@pkgr/webpack@0.2.5

@pkgr/webpack@0.3.0

@pkgr/webpack@0.4.0

@pkgr/webpack@0.4.1

@pkgr/webpack@0.4.10

@pkgr/webpack@0.4.11

@pkgr/webpack@0.4.12

@pkgr/webpack@0.4.13

@pkgr/webpack@0.4.14

@pkgr/webpack@0.4.16

@pkgr/webpack@0.4.2

@pkgr/webpack@0.4.3

@pkgr/webpack@0.4.4

@pkgr/webpack@0.4.5

@pkgr/webpack@0.4.6

@pkgr/webpack@0.4.7

@pkgr/webpack@0.4.8

@pkgr/webpack@0.4.9

@pkgr/webpack@0.5.0

@pkgr/webpack@0.5.1

@pkgr/webpack@0.5.2

@pkgr/webpack@0.5.3

@pkgr/webpack@0.5.4

@pkgr/webpack@0.5.5

v0.*

v0.1.0

v0.1.0-alpha

v0.1.0-rc.1

v0.1.1

v0.1.2

v0.1.4

v0.1.5

v0.1.6

v0.2.0

v0.3.0

v0.3.1

v1.*

v1.0.0

v1.0.0-rc.1

v1.29.0

v2.*

v2.0.1

v2.0.2

v3.*

v3.0.0

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.1.0

v5.1.1

v5.1.2

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.10.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.1.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.1.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.1.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.2.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.2.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.11.9"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54313.json"