
89 matches found

OSV
added 2025/11/24 1:39 p.m., 1 view

MAL-2025-190756 Malicious code in @seung-ju/openapi-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f38aa15b9a4a24dec5d8ea17b00f0bcc9e7ba46386fd087b3a9fa569ade45a6 The package @seung-ju/openapi-generator was found to contain malicious code. Source: ghsa-malware...

AI score: 6.8
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0893

Malware in sbrugna...

CVSS: 9.3, AI score: 7.3, EPSS: 0.0005
Exploits: 1, References: 7

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-1049

Malware in sbrugna...

CVSS: 6.2, AI score: 5.5, EPSS: 0.00068
Exploits: 1, References: 8

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0794

Malware in sbrugna...

CVSS: 4, AI score: 4.5, EPSS: 0.00053
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-1933

Malicious code in bioql PyPI...

CVSS: 8.1, AI score: 7.8, EPSS: 0.00189
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-1130

Malicious code in bioql PyPI...

CVSS: 9.1, AI score: 9, EPSS: 0.00274
Exploits: 1, References: 5

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-22081 Malicious code in h1-cli-ext-root-openapi-generator (npm)

The package h1-cli-ext-root-openapi-generator was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in h1-cli-ext-root-openapi-generator (npm)

The package h1-cli-ext-root-openapi-generator was found to contain malicious code...

AI score: 7
Exploits: 0

vulnersOsv
added 2025/08/14 6:52 p.m., 3 views

h1-cli-device-browser (>=1.0.1-alpha.0 <=1.0.1-alpha.1), h1-cli-device-node (>=1.0.1-alpha.0 <=1.0.1-alpha.1) potentially affected by unknown CVE via h1-cli-ext-root-openapi-generator (=1.0.1-alpha.1)

h1-cli-ext-root-openapi-generator NPM version =1.0.1-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on h1-cli-ext-root-openapi-generator and may be impacted: - h1-cli-device-browser =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.1 Source cves:...

AI score: 5.8
Exploits: 0

RedhatCVE
added 2025/05/23 2:27 a.m., 2 views

CVE-2023-27162

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

CVSS: 9.1, AI score: 6.8, EPSS: 0.00274
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 9:32 p.m., 4 views

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

CVSS: 6.2, AI score: 7, EPSS: 0.00068
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:10 p.m., 3 views

CVE-2021-21428

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...

CVSS: 9.3, AI score: 6.8, EPSS: 0.0005
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 5:21 p.m., 4 views

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS: 8.1, AI score: 6.8, EPSS: 0.00189
Exploits: 1, References: 1

VulnCheck KEV
added 2024/12/05 12:0 a.m., 1 view

VulnCheck KEV: CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS: 8.3, AI score: 5.8, EPSS: 0.40124
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/12/01 6:53 p.m., 2 views

Malicious code in tailchat-service-openapi-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22511b2b576ee7a41e7c7f6abf4e9a9fdedded65c99367d47f3f5cda4ce875c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8
Exploits: 0, References: 1

Veracode
added 2024/05/29 7:10 a.m., 16 views

Path Traversal

org.openapitools, openapi-generator-online is vulnerable to a Path Traversal. The vulnerability is due to unrestricted access to the outputFolder option, which allows attackers to manipulate file paths and potentially read or delete files and folders outside of the intended directory...

CVSS: 8.3, AI score: 6.6, EPSS: 0.40124
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2024/05/28 3:47 p.m., 40 views

GHSA-G3HR-P86P-593H OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

CVSS: 8.3, AI score: 8, EPSS: 0.40124
Exploits: 0, References: 5

Github Security Blog
added 2024/05/28 3:47 p.m., 31 views

OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

CVSS: 8.3, AI score: 6.7, EPSS: 0.40124
Exploits: 0, References: 5, Affected Software: 1

RedhatCVE
added 2024/05/27 10:29 p.m., 23 views

CVE-2024-35219

A flaw was found in OpenAPI generator, where it allows the generation of API client libraries, for example, SDK generation, server stubs, documentation, and configuration, automatically given an OpenAPI Spec. This flaw allows an attacker to cause a path traversal vulnerability to read and delete...

CVSS: 8.3, AI score: 7.8, EPSS: 0.40124
Exploits: 0, References: 3

NVD
added 2024/05/27 4:15 p.m., 12 views

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS: 8.3, AI score: 8.1, EPSS: 0.40124
Exploits: 0, References: 3