53 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-22223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf o...
Malicious code in frontend-feature-flags (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-6420 Malicious code in frontend-feature-flags (npm)
--- -= Per source details. Do not edit below this line.=-...
OESA-2025-1577 libbpf security update
A mirror of bpf-next linux tree bpf-next/tools/lib/bpf directory plus its supporting header files. The version of the package reflects the version of ABI. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the...
Information Disclosure
Flags SDK is vulnerable to information disclosure. The vulnerability is due to a flaw in the flags discovery endpoint that allows attackers with detailed knowledge of the issue to list all feature flags, including names, descriptions, options, and default values...
CVE-2025-46332
Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior, as certain circumstances allow a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags...
GHSA-892P-PQRR-HXQR Information Disclosure via Flags override link
Summary An information disclosure vulnerability affecting Flags SDK has been addressed. It impacted flags ≤3.2.0 and @vercel/flags ≤3.1.1 and in certain circumstances, allowed a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint...
Information Disclosure via Flags override link
Summary An information disclosure vulnerability affecting Flags SDK has been addressed. It impacted flags ≤3.2.0 and @vercel/flags ≤3.1.1 and in certain circumstances, allowed a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint...
CVE-2025-46332
The CVE-2025-46332 entry concerns Flags SDK (for Next.js and SvelteKit) with information disclosure via the flags discovery endpoint. Affected: flags <= 3.2.0 and @vercel/flags
PT-2025-18911 · Vercel +1 · @Vercel/Flags +1
Name of the Vulnerable Software and Affected Versions: Flags versions 3.2.0 and prior @vercel/flags versions 3.1.1 and prior Description: The issue allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the "flags discovery endpoint"...
Malicious code in oss-feature-flags (npm)
--- -= Per source details. Do not edit below this line.=-...
DEBIAN-CVE-2024-27050
In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields...
UBUNTU-CVE-2024-27050
In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields...
CVE-2024-27050 libbpf: Use OPTS_SET() macro in bpf_xdp_query()
In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields...
SUSE CVE-2024-26803
In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down veth sets NETIF_F_GRO automatically when XDP is enabled, because both features use the same NAPI machinery. The logic to clear NETIF_F_GRO sits in veth_disable_xdp() which is called...
CVE-2023-29018
The CVE-2023-29018 issue affects the OpenFeature Operator, where overly permissive access on the open-feature-operator-controller-manager can allow cluster-wide privilege escalation. Multiple sources (Red Hat, NVD, OSV, GHSA, CNVD, Veracode) describe that an attacker could leverage lax permission...
U.S. Dept Of Defense: [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions
Multiple information exposure vulnerabilities were found in a Jira Server instance, allowing unauthenticated attackers to access APIs and system browser functions, leading to unauthorized access to sensitive data. The vulnerability was registered as CVE-2020-14179...
Manage Akamai Features at the Edge with EdgeWorkers and EdgeKV
EdgeWorkers and EdgeKV let you set feature flags that tailor content to different website visitors...
Malicious code in lib-feature-flags-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e24cd9baab2f8a1b9e12ede025f1bf40f5cea61abaeb14c138b5aab1b0df3374 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...