635 matches found
OPENSUSE-SU-2025:15848-1 python311-openapi-core-0.22.0-1.1 on GA media
These are all security issues fixed in the python311-openapi-core-0.22.0-1.1 package on the GA media of openSUSE Tumbleweed...
WuppieFuzz: Coverage-Guided, Stateful REST API Fuzzing
Many business processes currently depend on web services, often using REST APIs for communication. REST APIs expose web service functionality through endpoints, allowing easy client interaction over the Internet. To reduce the security risk resulting from exposed endpoints, thorough testing is...
GO-2025-4162 Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API in github.com/free5gc/openapi
Free5GC is vulnerable to DoS via the NudmSubscriberDataManagement API in github.com/free5gc/openapi...
CVE-2025-66201
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
EUVD-2025-199888
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66201
CVE-2025-66201 affects LibreChat. The vulnerability is a Server-Side Request Forgery (SSRF) in the LibreChat tions feature that can be triggered by passing specially crafted OpenAPI specs, allowing an authenticated user with access to the feature to reach URLs only accessible to the LibreChat se...
CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +33 more potentially affected by CVE-2025-12183 via org.lz4:lz4-pure-java (=1.8.0)
org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...
EUVD-2025-199288
Malicious code in @silgi/openapi npm...
Malicious code in @silgi/openapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da37d75ae054be71f7d9d4913bf4e5b1c0e7249774278432c33d89d871d99f28 The package @silgi/openapi was found to contain malicious code. Source: ghsa-malware 3c5eda9815ba5af459be6844eab3b3e9f5cb4615e738904bd8214eb62a2c93e7...
MAL-2025-191316 Malicious code in @silgi/openapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da37d75ae054be71f7d9d4913bf4e5b1c0e7249774278432c33d89d871d99f28 The package @silgi/openapi was found to contain malicious code. Source: ghsa-malware 3c5eda9815ba5af459be6844eab3b3e9f5cb4615e738904bd8214eb62a2c93e7...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +89 more potentially affected by unknown CVE via @asyncapi/openapi-schema-parser (=3.0.24)
@asyncapi/openapi-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/openapi-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0,...
EUVD-2025-198778
Malicious code in @seung-ju/openapi-generator npm...
Malicious code in @seung-ju/openapi-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f38aa15b9a4a24dec5d8ea17b00f0bcc9e7ba46386fd087b3a9fa569ade45a6 The package @seung-ju/openapi-generator was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190756 Malicious code in @seung-ju/openapi-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f38aa15b9a4a24dec5d8ea17b00f0bcc9e7ba46386fd087b3a9fa569ade45a6 The package @seung-ju/openapi-generator was found to contain malicious code. Source: ghsa-malware...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +89 more potentially affected by unknown CVE via @asyncapi/openapi-schema-parser (=3.0.24)
@asyncapi/openapi-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/openapi-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0,...
Malicious code in @asyncapi/openapi-schema-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b4e9b39029c1f0084db9cd77fb419e5b003036f5b3db50d6b52097114f0c729 The package @asyncapi/openapi-schema-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198641
Malicious code in @asyncapi/openapi-schema-parser npm...