126 matches found
CVE-2026-24780
CVE-2026-24780 affects AutoGPT Platform prior to v0.6.44. An authenticated user can trigger remote code execution by calling the execute endpoint for blocks (both main web API and external API) without honoring the disabled flag for BlockInstallationBlock, which writes arbitrary Python code to th...
Malicious Package
Overview supabase-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
CVE-2025-65957
Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...
CVE-2025-65957
Core Bot (open-source Discord bot for maple hospital servers) contained an information-disclosure vulnerability prior to commit dffe050, where API keys (SUPABASE_API_KEY, TOKEN) loaded from environment variables could be exposed in configuration summaries, logs, or embeds due to incomplete redact...
CVE-2025-65957 Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages
Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys SUPABASEAPIKEY, TOKEN are loaded using environment variables, but there are cases in code error handling, summaries, webhooks where configuration summaries may inadvertently leak sensitiv...
Remote Code Execution (RCE)
Flowise is vulnerable to remote code execution RCE. The vulnerability is due to unsanitized evaluation of user input in the “Supabase RPC Filter” field, which allows an attacker to execute arbitrary code on the affected system...
CVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...
Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7944-7c6r-55vv. This link is maintained to preserve external references. Original Description Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supaba...
GHSA-3G4J-R53P-22WX Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7944-7c6r-55vv. This link is maintained to preserve external references. Original Description Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supaba...
CVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...
Flowise 安全漏洞
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise 3.0.4 and earlier versions, which stems from a Supabase RPC Filter field that is not cleaned and escaped from user input, which could lead to remote code execution...
CVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...
EUVD-2025-34899
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...
CVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...
CVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution due to unsanitized evaluation of user input in the "Supabase RPC Filter" field. The CVE-2025-57164 entry is supported by multiple sources (NVD, Red Hat, OSV, Veracode, etc.) noting RCE risk without details on a specific fixed version o...
CVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field...
Malicious Package
Overview tailwind-supabase is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2024-34733
Malicious code in bioql PyPI...
EUVD-2025-25477
Malicious code in bioql PyPI...
EUVD-2024-47022
Malicious code in bioql PyPI...