487 matches found
EUVD-2025-3750
Malicious code in bioql PyPI...
EUVD-2023-53325
Malicious code in bioql PyPI...
EUVD-2025-31057
Malicious code in bioql PyPI...
EUVD-2025-9753
Malicious code in bioql PyPI...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
Prototype Pollution
Overview sassdoc-extras is a SassDoc's Toolbelt Affected versions of this package are vulnerable to Prototype Pollution via the byGroupAndType function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or...
@advclb/sassdoc-loader (=0.1.0), @alifd/sassdoc-parser (>=0.1.0 <=2.0.1) +148 more potentially affected by CVE-2025-57326 via sassdoc-extras (>=1.0.3 <=3.0.0)
sassdoc-extras NPM version =1.0.3, =0.1.0, =0.0.3, =0.0.3, =0.0.8, =3.0.0, =3.2.0, =2.3.0, =0.0.1, =0.1.2, =10.1.0, =10.18.0, =0.1.18, =99.0.372 and more Source cves: CVE-2025-57326 Source advisory: SNYK:JS-SASSDOCEXTRAS-13110008...
GHSA-3MPM-JX38-9M8W sassdoc-extras vulnerable to prototype pollution
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
sassdoc-extras vulnerable to prototype pollution
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
@advclb/sassdoc-loader (=0.1.0), @alifd/sassdoc-parser (>=0.1.0 <=2.0.1) +148 more potentially affected by CVE-2025-57326 via sassdoc-extras (>=1.0.3 <=3.0.0)
sassdoc-extras NPM version =1.0.3, =0.1.0, =0.0.3, =0.0.3, =0.0.8, =3.0.0, =3.2.0, =2.3.0, =0.0.1, =0.1.2, =10.1.0, =10.18.0, =0.1.18, =99.0.372 and more Source cves: CVE-2025-57326 Source advisory: OSV:GHSA-3MPM-JX38-9M8W...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
CVE-2025-57326
CVE-2025-57326 concerns a prototype pollution in the SassDoc extras package. Affected versions: sassdoc-extras v2.5.1 and earlier. The vulnerability is caused by the byGroupAndType function, which improperly handles user-supplied input and can inject properties into Object.prototype. Impact state...
PT-2025-39335
Name of the Vulnerable Software and Affected Versions sassdoc-extras versions 2.5.1 and before Description A Prototype Pollution issue exists in the byGroupAndType function. This allows attackers to inject properties onto Object.prototype by providing a specially crafted input. This can lead to a...
SassDoc Extras 安全漏洞
SassDoc Extras is a SassDoc theme builder from SassDoc Open Source. A security vulnerability exists in SassDoc Extras 2.5.1 and earlier versions, which stems from a prototype contamination in the byGroupAndType function, which allows an attacker to inject attributes via a specially crafted payloa...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
CVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
Malicious code in react-jsonschema-form-extras (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a348a6e6add3a526378c82c718c9589edc804b3a2c90e291c0abc25798ba1047 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47344 Malicious code in react-jsonschema-rxnt-extras (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e29ae9593362f6ccecd21ee9abaabfe0baf7da78be18ebeeef87277d03b1f56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
react-jsonschema-rxnt-extras (>=0.1.14 <=0.5.0-alpha.190053) potentially affected by unknown CVE via react-complaint-image (>=0.0.10 <=0.0.31)
react-complaint-image NPM version =0.0.10, =0.1.14, =0.5.0-alpha.190053 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47341...