Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

CNNVD
CNNVDadded 2026/05/07 12:0 a.m.3 views

inngest-js 信息泄露漏洞

Inngest-js is an open-source framework developed by Inngest, designed to support various serverless platforms. It serves as a reliable event-driven and background task execution framework. Versions 3.22.0 to 3.53.1 of Inngest-js contain a vulnerability related to information leakage. This...

8.6CVSS5.9AI score0.00048EPSS
Exploits0References1
OSV
OSVadded 2026/05/05 6:13 p.m.1 views

GHSA-2JF5-6WWV-VHXX Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...

8.6CVSS5.9AI score0.00048EPSS
Exploits0References11
Positive Technologies
Positive Technologiesadded 2026/05/05 12:0 a.m.5 views

PT-2026-37248

Name of the Vulnerable Software and Affected Versions Inngest versions 3.22.0 through 3.53.1 Description Unauthenticated remote attackers can exfiltrate environment variables from the host process via the 'serve' HTTP handler. While the 'serve' handler implements GET, POST, and PUT methods,...

8.6CVSS5.9AI score0.00048EPSS
Exploits0References16
OSV
OSVadded 2021/02/23 9:37 p.m.0 views

GHSA-9VHV-P9R7-RM53 HTML tag injection

Serve Handler, before 5.0.3, has a XSS via HTML tag injection in directory lisiting page...

5.9AI score
Exploits0References2
Github Security Blog
Github Security Blogadded 2021/02/23 9:37 p.m.8 views

HTML tag injection

Serve Handler, before 5.0.3, has a XSS via HTML tag injection in directory lisiting page...

1.8AI score
Exploits0References3Affected Software1
Veracode
Veracodeadded 2019/06/19 3:12 a.m.21 views

Directory Traversal

serve-handler is vulnerable to directory traversal. Attackers are able to access explicitly ignored folders using directory traversal characters ../ followed by the ignored folders. This vulnerability is a bypass of the fix for CVE-2018-3718...

5.3CVSS5.4AI score0.00243EPSS
Exploits1
Veracode
Veracodeadded 2019/05/06 8:17 a.m.8 views

Information Disclosure

serve-handler is vulnerable to information disclosure attacks. The vulnerability exists as symlinks were enabled by default, and were being resolved during runtime...

6.2AI score
Exploits0
Snyk
Snykadded 2019/04/07 9:21 a.m.1 views

Information Exposure

Overview org.webjars.npm:serve-handler is a package responsible for routing requests and handling responses. Affected versions of this package are vulnerable to Information Exposure. The unlisted property removes the file/folder from directory list but still allows viewing them by visiting their...

7.5CVSS6.8AI score
Exploits0References2
Veracode
Veracodeadded 2018/07/04 2:53 a.m.17 views

Directory Traversal

serve-handler is vulnerable to directory traversal vulnerability. This attack is possible by requesting a URL such as ../../../../../etc/passwd to obtain confidential information...

7.5CVSS7.3AI score0.00611EPSS
Exploits1References3Affected Software2
Rows per page
Query Builder