MAL-2026-4397 Malicious code in @jemavidev/betteragents-pi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b6e1a3902ad5cc75204b7a6eea3727c6a6c31797d7cfd7a0cd12a64892887bd The package brands itself as an OpenRouter LLM extension and instructs users to obtain a key with the canonical sk-or-v1- prefix from...

Server-Side Request Forgery (SSRF)

httparty is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to force the application to send unauthorized requests to internal servers and potentially leak sensitive information such as API keys...

CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

DEBIAN-CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

CVE-2025-68696 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

CVE-2025-68696 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

CVE-2025-68696 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...

GHSA-HM5P-X4RQ-38W4 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...

CVE-2025-10282 GitLab Domain Confusion in gitlab Leaks API Key

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

EUVD-2025-7129

Malicious code in bioql PyPI...

EUVD-2025-6833

Malicious code in bioql PyPI...

EUVD-2023-54754

Malicious code in bioql PyPI...

CVE-2025-53660

Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2024-10109

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of...

GHSA-G5PG-73FC-HJWQ LiteLLM Reveals Portion of API Key via a Logging File

In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

CVE-2025-0330

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

CVE-2024-9606

In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

CVE-2024-10109

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of...

CVE-2024-10109

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of...