Vulnerability in Debug-js Debug

CVE-2025-59144

debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malwar…

EPSS: 0.004 (29.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References