Angular 安全漏洞

Angular is a development platform of Angular open source. It is used to build mobile and desktop web applications using Typescript / JavaScript and other languages. A security vulnerability exists in Angular versions prior to 19.2.16, prior to 20.3.14, and prior to 21.0.1, which stems from the...

PT-2025-48196

Name of the Vulnerable Software and Affected Versions Angular versions prior to 19.2.16 Angular versions prior to 20.3.14 Angular versions prior to 21.0.1 Description Angular’s HttpClient has a built-in Cross-Site Request Forgery XSRF protection mechanism. When handling requests with...

Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...

Open Redirect

Overview koa is a Koa web app framework Affected versions of this package are vulnerable to Open Redirect via the "back redirect" functionality. An attacker can cause users to be redirected to an external, attacker-controlled domain by supplying a specially crafted Referer header containing a...

GHSA-G8MR-FGFG-5QPC Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...

PT-2025-42905

Name of the Vulnerable Software and Affected Versions Koa versions 2.16.2 through 2.16.3 Koa versions 3.0.1 through 3.0.3 Description The Koa framework contains a flaw in its back redirect functionality. An attacker can manipulate the Referer header to redirect a user’s browser to a malicious...

EUVD-2025-25235

Malicious code in bioql PyPI...

EUVD-2023-0062

Malicious code in bioql PyPI...

EUVD-2023-41885

Malicious code in bioql PyPI...

EUVD-2025-26391

Malicious code in bioql PyPI...

Open Redirection

googlesignin is vulnerable to Open Redirection. The vulnerability is due to open redirect due to the proceedto session value accepting protocol-relative URLs which can be set via a malicious form submission, allowing an attacker to redirect users to another origin...

Linux Distros Unpatched Vulnerability : CVE-2023-38059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the I...

Improper Access Control

@astrojs/node is vulnerable to Improper Access Control. The vulnerability is due to improper validation of image source domains in the image optimization endpoint, which allows an attacker to bypass third-party domain restrictions using protocol-relative URLs and serve unauthorized external image...

Open Redirect

Overview googlesignin is a Sign in or up with Google for Rails applications Affected versions of this package are vulnerable to Open Redirect via the proceedto value in the session store when it is set to a protocol-relative URL. An attacker can redirect users to an unintended origin by submittin...

CVE-2025-58067

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

GHSA-5JCH-XHW4-R43V Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...