Verdaccio · Verdaccio · CVE-2019-14772
**Name of the Vulnerable Software and Affected Versions**
verdaccio versions prior to 3.12.0
**Description**
The issue is a Cross-Site Scripting (XSS) vulnerability: JavaScript content in a malicious package can be executed in the user interface, potentially stealing user credentials.
**Recommendations**
For versions prior to 3.12.0, upgrade to version 3.12.0 or later, or migrate to major version 4.0.0 or later to fix the issue.
At the moment, there is no workaround available without upgrading.
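
To find installs that still fall in the affected range, the following added example (not part of the advisory or of Verdaccio's code) scans a parsed `package-lock.json` for `verdaccio` entries and classifies each version against 3.12.0. The function names and the sample lockfile are constructed for illustration; treating a pre-release of 3.12.0 as affected and any later pre-release as "unknown" is an assumption, since the advisory does not mention pre-releases.

```javascript
// Added example: flag Verdaccio versions covered by this advisory.
const FIXED = [3, 12, 0]; // first fixed release, taken from the advisory text

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; null when malformed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { core: [+m[1], +m[2], +m[3]], pre: m[4] || null } : null;
}

// Returns "affected", "fixed" or "unknown" (needs manual review).
function classify(version) {
  const p = parseVersion(version);
  if (!p) return "unknown";
  const i = p.core.findIndex((n, k) => n !== FIXED[k]);
  const cmp = i === -1 ? 0 : Math.sign(p.core[i] - FIXED[i]);
  if (cmp < 0) return "affected";
  if (p.pre) return cmp === 0 ? "affected" : "unknown"; // assumption, see lead-in
  return "fixed";
}

// Collect every verdaccio entry from a parsed package-lock.json object.
function findVerdaccio(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [where, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/verdaccio$/.test(where)) hits.push({ where, version: meta.version });
    }
  } else {
    // lockfileVersion 1: nested dependency tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = `${trail}/${name}`;
        if (name === "verdaccio") hits.push({ where, version: meta.version });
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits.map((h) => ({ ...h, status: classify(h.version) }));
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "dev-registry": { version: "1.0.0", dependencies: { verdaccio: { version: "3.8.6" } } },
    verdaccio: { version: "4.0.0" },
  },
};
console.log(findVerdaccio(SAMPLE_LOCK));
```

Any entry reported as `affected` should be upgraded as described above; `unknown` entries need a manual check of the installed build.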