
8 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-6376

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.3 · EPSS 0.00737
Exploits 1 · References 4
Veracode
added 2022/07/26 5:9 a.m. · 18 views

Prototype Pollution

js-ini is vulnerable to prototype pollution. The vulnerability exists in the parse function in index.ts and parse.ts due to a lack of validation, which allows an attacker to send malicious INI files to the application to cause a pollution on prototype...

CVSS 9.8 · AI score 8.7 · EPSS 0.00737
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/07/26 12:1 a.m. · 10 views

GHSA-M939-VRFP-9V8P js-ini Prototype Pollution when malicious INI files submitted to an application that parses it with `parse`

This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 · AI score 9.4 · EPSS 0.00737
Exploits 1 · References 4
OSV
added 2022/07/25 2:15 p.m. · 10 views

CVE-2020-28461

This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 · AI score 9.4
Exploits 0 · References 2
Prion
added 2022/07/25 2:15 p.m. · 8 views

Code injection

This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 7.5 · AI score 9.3 · EPSS 0.00737
Exploits 1 · References 2 · Affected Software 1
CVE
added 2022/07/25 2:6 p.m. · 44 views

CVE-2020-28461

CVE-2020-28461 affects the js-ini package before 1.3.0. The vulnerability is a prototype pollution issue in the parse function when parsing untrusted INI-like inputs, enabling an attacker to contaminate the application prototype. Impact is context-dependent and not quantified in all sources, but ...

CVSS 9.8 · AI score 8.3 · EPSS 0.00737
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/07/25 2:6 p.m. · 10 views

CVE-2020-28461 Prototype Pollution

This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 7.3 · AI score 9.4 · EPSS 0.00737
Exploits 1 · References 2
Positive Technologies
added 2022/07/25 12:0 a.m. · 2 views

PT-2022-8903 · Js-Ini · Js-Ini

Name of the Vulnerable Software and Affected Versions: js-ini versions prior to 1.3.0
Description: The issue arises when an attacker submits a malicious INI file to an application that uses the parse function to parse it. This can lead to prototype pollution on the application, which can be furth...

CVSS 9.8 · AI score 9.2 · EPSS 0.00737
Exploits 1 · References 6