CVE-2020-26256 Denial of service in fast-csv
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in Node. In fast-csv before version 4.3.6 there is a possible ReDoS (Regular Expression Denial of Service) vulnerability when using the ignoreEmpty option when parsing. This has been patched in v4.3.6. You will...
CVE-2020-26256
CVE-2020-26256 affects the fast-csv family (fast-csv and @fast-csv/parse) prior to version 4.3.6. The vulnerability is a Regular Expression Denial of Service (ReDoS) caused by the EMPTY_ROW_REGEXP when parsing with the ignoreEmpty option. A remote attacker could trigger a denial of service; docum...
Denial of service in fast-csv
Impact: Possible ReDoS (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. Patches: This has been patched in v4.3.6. Workarounds: You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is recommended that you upgrade to t...
GitHub Security Lab: [javascript] CWE-614: CodeQL query to detect if cookies are sent without the flag secure being set
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [javascript] CWE-90: CodeQL to detect LDAP Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect XSLT injections
This bug was reported directly to GitHub Security Lab...
Command injection in codecov (npm package)
Impact The upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE was issued: CVE-2020-7597, but the fix was incomplete. It only blocked &, and...
Command Injection in standard-version
GitHub Security Lab GHSL Vulnerability Report: GHSL-2020-111. The GitHub Security Lab team has identified a potential security vulnerability in standard-version. Summary: The standardVersion function has a command injection vulnerability. Clients of the standard-version library are unlikely to be...
GitHub Security Lab: [javascript] CWE-020: CodeQL query to detect missing origin validation in cross-origin communication via postMessage
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect OGNL injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for SpEL injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect Server-Side Template Injections (JavaScript)
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for unsafe TLS versions
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for MVEL injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect JNDI injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect open Spring Boot actuator endpoints
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect SSRF in Python
This bug was reported directly to GitHub Security Lab...
jQuery <= 3.5 html() Cross Site Scripting Exploit
Exploit for jsp platform in category web applications. jquery-xss-in-html: jQuery 3.5 Cross-Site Scripting (XSS) in html(). Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting (XSS) vulnerability found in jQuery's HTML parser. The Snyk open source security...
GitHub Security Lab: CodeQL query for finding LDAP Injection (CWE-90) vulnerabilities in Java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for finding CSRF vulnerabilities in Spring applications
This bug was reported directly to GitHub Security Lab...