18 matches found
Malicious Package
Overview codeql-query is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2020-1489
Malware in sbrugna...
EUVD-2023-2119
Malicious code in bioql PyPI...
CVE-2024-45388
Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CVE-2024-28848
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...
MAL-2025-643 Malicious code in codeql-query (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
Malicious code in codeql-query (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
CVE-2024-45388
Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)
Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CVE-2020-26302
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...
GitHub Security Lab: CodeQL query to detect OGNL injections
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for MVEL injections
This bug was reported directly to GitHub Security Lab...
jQuery <= 3.5 html() Cross Site Scripting Exploit
Exploit for jsp platform in category web applications jquery-xss-in-html jQuery 3.5 Cross-Site Scripting XSS in html Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting XSS vulnerability found in the jQuery’s HTML parser. The Snyk open source security...
GitHub Security Lab: CodeQL query for finding LDAP Injection (CWE-90) vulnerabilities in Java
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query for finding CSRF vulnerabilities in Spring applications
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect weak (duplicated) encryption keys for ASP.NET Telerik Upload
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: CodeQL query to detect pages with validationRequest disabled
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
This bug was reported directly to GitHub Security Lab...