Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Abstract: Recently, scripting languages are becoming popular as languages to develop server-side applications. Modern JavaScript compilers significantly optimize JavaScript code, but their main ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...

JAVAONE Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop between Java, JavaScript, and Python. Java 26 will be supported for just six ...

The Zendesk App Framework (ZAF) SDK is a JavaScript library that simplifies cross-frame communication between iframed apps and ZAF. See App Framework v2 to learn more. Licensed under the Apache ...

Facepalm: A widely used web technology is affected by a serious security vulnerability that can be exploited with minimal effort to compromise servers. Known as "React2Shell," the flaw may require ...

A critical security flaw has been discovered in React, one of the most widely used JavaScript libraries for building websites. The bug enables external attackers to run privileged, arbitrary code on ...

A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on ...

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...

It’s finally here - the complete JavaScript tier list. This video ranks the most popular frameworks, libraries, and tools based on performance, usability, and community support. Whether you’re a ...