Budibase security vulnerability
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the raw...
CVE-2025-40905
WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...
MetaCPAN WWW::OAuth security vulnerability
MetaCPAN WWW::OAuth is a Perl authentication library developed by the MetaCPAN Foundation. Versions of MetaCPAN WWW::OAuth 1.000 and earlier contained a security vulnerability. This vulnerability stemmed from using the rand function as the default entropy source for encryption functions, which is...
CVE-2025-40905
The CVE concerns WWW::OAuth 1.000 and earlier for Perl, which uses the rand() function as the default entropy source for cryptographic functions. This non-cryptographic randomness source can undermine security of cryptographic operations in affected releases. The connected CVE entry confirms the ...
MAL-2025-144648 Malicious code in magellan-meissa-oauth-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c4147b208943baf94596cf907bc52cb7fb8253b2b9fbb50010a1dc78ab9237e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2024-39636
Malicious code in bioql PyPI...
EUVD-2024-39635
Malicious code in bioql PyPI...
CVE-2024-42476
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...
CVE-2024-42475
In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...
CVE-2024-42476 oauth CSRF vulnerability
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...
CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG
In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...
CVE-2024-42475
The CVE describes the nim OAuth library prior to 0.11 having insecure generateState entropy in the state values, enabling potential CSRF with a user. The root cause is that generateState did not use a cryptographically secure generator, producing insufficient entropy (less than 128 bits). Version...
PT-2024-29972 · Unknown · Oauth Library For Nim
Name of the Vulnerable Software and Affected Versions: OAuth library for nim versions prior to 0.11 Description: The issue concerns the OAuth library for nim, where the Authorization Code grant and Implicit grant rely on the state parameter to prevent cross-site request forgery CSRF attacks...
oauth security vulnerability
oauth is an oauth library for nim by individual developer Yoshihiro Tanaka. A security vulnerability exists in versions prior to oauth 0.11, which stems from the use of certain compiler flags to compile projects where the state parameter may not be checked, leaving it vulnerable to cross-site...
oauth security vulnerability
oauth is an oauth library for nim from the individual developer Yoshihiro Tanaka. A security vulnerability exists in versions of oauth prior to 0.11, which stems from the state values generated by the generateState function not having sufficient entropy for an attacker to successfully guess these...
OESA-2022-1971 python-oauthlib security update
Security Fixes: OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is...
USN-5632-1 python-oauthlib vulnerability
Sebastian Chnelik discovered that OAuthLib incorrectly handled certain redirect uris. A remote attacker could possibly use this issue to cause OAuthLib to crash, resulting in a denial of service...
PYSEC-2022-269
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is used. OAuthLib...