635 matches found
Malicious code in okta-sdk-php-openapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da144ffdf9eed05ec70b485602e1d3aeae40d312d6fd4eec8956422e2365bd0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Denial Of Service
GitLab is vulnerable to Denial of Service (DoS). The vulnerability is due to the server's failure to safely process crafted OpenAPI files, and attackers can exploit this to consume excessive resources or crash the service, leading to a denial of service...
CVE-2019-11405
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...
CVE-2020-15142
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...
Malicious code in smartling-openapi-spec (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21a5bc79af548e1ec5706ef28aa4991242b628e7fb312ee2141f58d6aa46d16b Any computer that has this package installed or running should be considered...
MAL-2025-715 Malicious code in smartling-openapi-spec (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21a5bc79af548e1ec5706ef28aa4991242b628e7fb312ee2141f58d6aa46d16b Any computer that has this package installed or running should be considered...
VulnCheck KEV: CVE-2024-35219
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
Malicious code in tailchat-service-openapi-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22511b2b576ee7a41e7c7f6abf4e9a9fdedded65c99367d47f3f5cda4ce875c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in seatalk-openapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1ba364a75979c4daf8df3fca9ae125f39309f1e2aaaf2ee625eef7a3e9a1d30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora 41 : python-fastapi / python-openapi-core / python-platformio / etc (2024-05dedb1a53)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-05dedb1a53 advisory. Security fix for CVE-2024-47874. Starlette 0.40.0 (October 15, 2024): This release fixes a Denial of service (DoS) via multipart/form-data requests. You can view...
Server-side Request Forgery (SSRF)
Overview: fastagency is "The fastest way to bring multi-agent workflows to production". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the OAuth2PasswordBearer class's gettoken method, where the tokenurl is constructed from unvalidated OpenAPI schema...
[SECURITY] Fedora 41 Update: python-openapi-core-0.19.4-4.fc41
Openapi-core is a Python library that adds client-side and server-side support for the OpenAPI v3.0 and OpenAPI v3.1 specification...
[SECURITY] Fedora 40 Update: python-fastapi-0.111.1-7.fc40
FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.8+ based on standard Python type hints. The key features are: • Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python frameworks available...
[SECURITY] Fedora 40 Update: python-openapi-core-0.19.4-3.fc40
Openapi-core is a Python library that adds client-side and server-side support for the OpenAPI v3.0 and OpenAPI v3.1 specification...
Fedora: Security Advisory (FEDORA-2024-f1615b58e6)
The remote host is missing an update for the...
Redoc Security Vulnerability
Redoc is an open source tool from Redocly Open Source. It is used to generate documentation from OpenAPI definitions. A security vulnerability exists in Redoc version v2.0.9-rc.69. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...
Secure Your APIs and Reduce Your Attack Surface With Modern, AI-powered API Security in Qualys Web Application Scanning (WAS)
The rise of APIs presents both opportunities and challenges in today’s hyperconnected digital world. APIs are integral to digital transformation initiatives across industries. The latest data indicates that over 83% of web traffic now comprises API traffic, highlighting their critical role in...
Malicious code in chromestatus-openapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3f0ae839e77574e6fbdeb08227dfe2e2d3be958d34456a8cc4df440988db1e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7783 Malicious code in chromestatus-openapi (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3f0ae839e77574e6fbdeb08227dfe2e2d3be958d34456a8cc4df440988db1e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
CVE-2024-27198: Authentication bypass in Jetbrain Teamcity leads...