Lucene search

635 matches found

vulnersOsv
added 2025/09/16 5:5 p.m., 2 views

@art-ws/openapi (>=0.1.1 <=0.1.8) potentially affected by unknown CVE via @art-ws/fastify-http-server (>=2.0.15 <=2.0.23)

@art-ws/fastify-http-server NPM version =2.0.15, =0.1.1, =0.1.8 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47378...

5.8 AI score
Exploits 0
OSV
added 2025/09/16 5:5 p.m., 1 views

MAL-2025-47380 Malicious code in @art-ws/openapi (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95bf1ca6cf44627c0e79bccad94ab171021ece601814ac65cc70d055d925a3f0 Any computer that has this package installed or running should be considered fully compromised. All...

7.1 AI score
Exploits 0, References 6
vulnersOsv
added 2025/09/16 5:5 p.m., 1 views

@art-ws/fastify-http-server (>=2.0.1 <=2.0.23), @art-ws/openapi (>=0.1.1 <=0.1.8) potentially affected by unknown CVE via @art-ws/di (>=2.0.1 <=2.0.27)

@art-ws/di NPM version =2.0.1, =2.0.1, =0.1.1, =0.1.8 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47375...

5.8 AI score
Exploits 0
OSSF Malicious Packages
added 2025/09/16 5:5 p.m., 2 views

Malicious code in @art-ws/openapi (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95bf1ca6cf44627c0e79bccad94ab171021ece601814ac65cc70d055d925a3f0 Any computer that has this package installed or running should be considered fully compromised. All...

7.1 AI score
Exploits 0, References 6
vulnersOsv
added 2025/09/16 5:5 p.m., 1 views

@art-ws/fastify-http-server (>=2.0.1 <=2.0.23), @art-ws/openapi (>=0.1.1 <=0.1.8) potentially affected by unknown CVE via @art-ws/http-server (>=2.0.1 <=2.0.20)

@art-ws/http-server NPM version =2.0.1, =2.0.1, =0.1.1, =0.1.8 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47379...

5.8 AI score
Exploits 0
Snyk
added 2025/09/15 7:39 a.m., 1 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8 CVSS, 7 AI score
Exploits 0, References 2
vulnersOsv
added 2025/09/15 7:39 a.m., 1 views

@art-ws/openapi (>=0.1.1 <=0.1.8) potentially affected by unknown CVE via @art-ws/fastify-http-server (>=2.0.15 <=2.0.23)

@art-ws/fastify-http-server NPM version =2.0.15, =0.1.1, =0.1.8 Source cves: unknown CVE Source advisory: SNYK:JS-ARTWSFASTIFYHTTPSERVER-12744474...

5.8 AI score
Exploits 0
vulnersOsv
added 2025/09/15 7:39 a.m., 1 views

@art-ws/fastify-http-server (>=2.0.1 <=2.0.23), @art-ws/openapi (>=0.1.1 <=0.1.8) potentially affected by unknown CVE via @art-ws/di (>=2.0.1 <=2.0.27)

@art-ws/di NPM version =2.0.1, =2.0.1, =0.1.1, =0.1.8 Source cves: unknown CVE Source advisory: SNYK:JS-ARTWSDI-12744471...

5.8 AI score
Exploits 0
Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-3726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows...

9 CVSS, 8.1 AI score, 0.00247 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-1816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...

5.5 CVSS, 5.5 AI score, 0.00049 EPSS
Exploits 0, References 2
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in okta-sdk-golang-openapi (npm)

The package okta-sdk-golang-openapi was found to contain malicious code...

7 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-22081 Malicious code in h1-cli-ext-root-openapi-generator (npm)

The package h1-cli-ext-root-openapi-generator was found to contain malicious code...

7.2 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m., 0 views

MAL-2025-28187 Malicious code in okta-sdk-golang-openapi (npm)

The package okta-sdk-golang-openapi was found to contain malicious code...

7.2 AI score
Exploits 0
vulnersOsv
added 2025/08/14 6:52 p.m., 3 views

h1-cli-device-browser (>=1.0.1-alpha.0 <=1.0.1-alpha.1), h1-cli-device-node (>=1.0.1-alpha.0 <=1.0.1-alpha.1) potentially affected by unknown CVE via h1-cli-ext-root-openapi-generator (=1.0.1-alpha.1)

h1-cli-ext-root-openapi-generator NPM version =1.0.1-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on h1-cli-ext-root-openapi-generator and may be impacted: - h1-cli-device-browser =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.1 Source cves:...

5.8 AI score
Exploits 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in h1-cli-ext-root-openapi-generator (npm)

The package h1-cli-ext-root-openapi-generator was found to contain malicious code...

7 AI score
Exploits 0
OSV
added 2025/07/31 7:14 p.m., 4 views

MAL-2025-6466 Malicious code in bmlx-openapi-client (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0
Veracode
added 2025/07/18 5:47 a.m., 3 views

Information Disclosure

Directus is vulnerable to information disclosure. The vulnerability is due to the exact Directus version number being exposed as the OpenAPI Spec version at the /server/specs/oas endpoint without authentication, which allows an attacker to identify the running version and target known...

5.3 CVSS, 5.9 AI score, 0.00316 EPSS
Exploits 0, References 5, Affected Software 1
RedhatCVE
added 2025/07/16 11:44 p.m., 7 views

CVE-2025-53887

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version; this means that it is being exposed by the /server/specs/oas endpoint without...

5.3 CVSS, 7.7 AI score, 0.00316 EPSS
Exploits 0, References 1
OSV
added 2025/07/15 3:29 p.m., 2 views

GHSA-RMJH-CF9Q-PV7Q Directus' exact version number is exposed by the OpenAPI Spec

Summary: The exact Directus version number is incorrectly being used as OpenAPI Spec version; this means that it is being exposed by the /server/specs/oas endpoint without authentication. Impact: With the exact version information a malicious attacker can look for known vulnerabilities in Directus...

5.3 CVSS, 6.2 AI score, 0.00316 EPSS
Exploits 0, References 6
Github Security Blog
added 2025/07/15 3:29 p.m., 5 views

Directus' exact version number is exposed by the OpenAPI Spec

Summary: The exact Directus version number is incorrectly being used as OpenAPI Spec version; this means that it is being exposed by the /server/specs/oas endpoint without authentication. Impact: With the exact version information a malicious attacker can look for known vulnerabilities in Directus...

5.3 CVSS, 6.4 AI score, 0.00316 EPSS
Exploits 0, References 6, Affected Software 1