359 matches found
EUVD-2023-29512
Malicious code in bioql PyPI...
EUVD-2023-51736
Malicious code in bioql PyPI...
abracadabra (>=0.0.0 <=0.0.7), ac-solver (=0.1.0) +307 more potentially affected by CVE-2025-30167 via jupyter-core (>=4.10.0 <=5.8.0)
jupyter-core PYPI version =4.10.0, =0.0.0, =0.14.0.3, =1.0.0, =0.1.23, =0.20.0, =0.9.5, =0.1.0, =0.0.4, =1.0.1, =0.1.0, =1.0.1, =1.0.1, =1.0.14 and more Source cves: CVE-2025-30167 Source advisory: OSV:GHSA-33P9-3P43-82VQ...
CVE-2023-25557
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...
CVE-2023-25558
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...
CVE-2023-47629
DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the defau...
CVE-2023-47628
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a...
CVE-2023-47640
DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources i.e. state level actors with large computational capabilities...
CVE-2013-0682
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service application crash or possibly execute...
CVE-2013-0680
Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service daemon crash or possibly execute...
CVE-2011-3501
Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service crash via a negative or large Content-Length value...
CVE-2011-3502
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing 1 space or 2 %2e encoded dot...
CVE-2011-3500
Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ dot dot backslash in an HTTP request...
CVE-2011-3493
Multiple stack-based buffer overflows in the DHOneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via long 1 domain, 2 reportdomain, 3 registerdatahub, or 4 slave commands...
CVE-2013-0683
The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service incorrect pointer access and client cra...
Malicious code in datahub-react-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1d82378a4b4eeb1355f9d5fbee783eb02ebfd625e5b7480f1ab594461b8d90d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2663 Malicious code in datahub-react-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1d82378a4b4eeb1355f9d5fbee783eb02ebfd625e5b7480f1ab594461b8d90d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-39366
DataHub is an open-source metadata platform. Prior to version 0.8.45, the StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This...
CVE-2024-29037
datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of tim...
CVE-2024-22409
DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR 9067 to...