7 matches found
EUVD-2025-177267
Malicious code in permission-resolve-function-fast-try npm...
EUVD-2021-0563
Malware in sbrugna...
PT-2025-39321
Name of the Vulnerable Software and Affected Versions: Llama Stack versions prior to 0.2.20. Description: The software accepts unverified parameters in the resolve_ast_by_type function, which may allow for remote code execution. Recommendations: Update to version 0.2.20 or later...
Improper Authorization
Overview: accelbyte-py-sdk is an AccelByte Python SDK. Affected versions of this package are vulnerable to Improper Authorization via the resolve function in protohttprequest.py, which accepts COOKIEAUTH and bypasses additional Basic or Bearer auth requirements. Remediation: Upgrade...
CVE-2024-29651
CVE-2024-29651 is a Prototype Pollution vulnerability in API Dev Tools json-schema-ref-parser (versions 11.0.0 and 11.1.0). The flaw allows remote code execution or denial of service by manipulating Object.prototype via bundle(), parse(), resolve(), or dereference() functions. Affected IBM stack ...
PT-2023-11742 · Mongoose · Mongoose
Name of the Vulnerable Software and Affected Versions: Mongoose version 6.18 Description: The issue is a buffer overflow in the mg_resolve_from_hosts_file function when reading from a crafted hosts file. This can occur in Mongoose 6.18. Recommendations: For Mongoose version 6.18, consider updatin...
Cross-site Scripting (XSS)
jsoup is vulnerable to cross-site scripting. The vulnerability exists in the resolve function in StringUtil.java because the jsoup cleaner is not properly sanitized when SafeList.preserveRelativeLinks is enabled, which allows an attacker to inject and execute arbitrary JavaScript...