EUVD-2022-1825

Malicious code in bioql PyPI...

EUVD-2025-27413

Malicious code in bioql PyPI...

CVE-2025-57665

Element Plus Link component el-link through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

1997ckf-ui-comp (>=0.0.9 <=0.0.17), 1data-business (>=0.0.1 <=0.0.3) +5830 more potentially affected by CVE-2025-57665 via element-plus (>=1.0.1-beta.0 <=2.9.9)

element-plus NPM version =1.0.1-beta.0, =0.0.9, =0.0.1, =1.0.0, =0.1.11, =0.1.0, =1.0.0, =0.3.1, =1.0.0-beta.0, =1.0.0, =0.0.1-alpha.10, =1.0.6, =0.1.20, =0.1.27 and more Source cves: CVE-2025-57665 Source advisory: SNYK:JS-ELEMENTPLUS-12670415...

GHSA-5M5X-9J46-H678 Element Plus Link component (el-link) implements insufficient input validation for the href attribute

Element Plus Link component el-link prior to 2.11.0 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

Improper Encoding or Escaping of Output

Overview element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious sites, or conduct...

Improper Encoding or Escaping of Output

Overview org.webjars.npm:element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious...

@17mkh/ui (=0.0.2), @acedatacloud/nexior (>=3.72.0 <=3.193.0) +675 more potentially affected by CVE-2025-57665 via element-plus (>=1.0.1-beta.0 <=2.11.0)

element-plus NPM version =1.0.1-beta.0, =3.72.0, =2.0.1, =0.0.1, =0.0.1, =0.0.1, =0.6.6, =0.3.3, =0.0.1, =0.0.1, =0.1.15, =0.0.1, =0.0.4-alpha.8 and more Source cves: CVE-2025-57665 Source advisory: OSV:GHSA-5M5X-9J46-H678...

Element Plus Link component (el-link) implements insufficient input validation for the href attribute

Element Plus Link component el-link prior to 2.11.0 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

CVE-2025-57665

Element Plus Link component el-link through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

CVE-2025-57665

Element Plus Link component el-link through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

Element Plus 安全漏洞

Element Plus is an open source Vue.js 3 UI library from the China Element Plus organization. A security vulnerability exists in Element Plus 2.10.6 and earlier versions, which stems from insufficient input validation of the href attribute and could lead to cross-site scripting attacks and phishin...

PT-2025-36908

Name of the Vulnerable Software and Affected Versions: Element Plus versions through 2.10.6 Description: The Element Plus Link component el-link does not sufficiently validate input for the href attribute, creating a security gap. This allows attackers to inject malicious URLs using dangerous...

CVE-2025-57665

CVE-2025-57665 affects Element Plus Link component (el-link) up to version 2.10.6. The root cause is insufficient input validation of the href attribute, with user-controlled href values passed directly to underlying anchor elements without protocol validation, URL sanitization, or security heade...

CVE-2025-57665

Element Plus Link component el-link through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

CVE-2025-57665

Element Plus Link component el-link through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

CVE-2022-27103

element-plus 2.0.5 is vulnerable to Cross Site Scripting XSS via el-table-column...

@17mkh/ui (=0.0.2), @advanced-elements/table (>=2.0.1 <=2.0.10) +638 more potentially affected by CVE-2022-27103 via element-plus (>=1.0.1-beta.0 <=2.0.5)

element-plus NPM version =1.0.1-beta.0, =2.0.1, =0.0.1, =0.0.1, =0.0.1, =0.6.6, =0.3.3, =0.0.1, =0.0.1, =0.1.15, =0.0.1, =0.0.1, =3.5.0 and more Source cves: CVE-2022-27103 Source advisory: OSV:GHSA-RJVG-8V36-XV9R...

GHSA-RJVG-8V36-XV9R element-plus vulnerable to cross-site scripting (XSS) via el-table-column

element-plus below 2.0.5 is vulnerable to Cross Site Scripting XSS when attribute show-tooltips-overflow of el-table-column is true. The mouseover action will make the text of this column render as html...

element-plus vulnerable to cross-site scripting (XSS) via el-table-column

element-plus below 2.0.5 is vulnerable to Cross Site Scripting XSS when attribute show-tooltips-overflow of el-table-column is true. The mouseover action will make the text of this column render as html...