Lucene search

25 matches found

Snyk
added 2026/05/05 8:29 p.m. · 7 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the isSSRFSafeURL function. An attacker can access internal network resources and sensitive cloud metadata by submitting specially crafted URLs that use IPv4-mapped IPv6 notation, which bypasses the...

CVSS 8.8 · AI score 5.8 · EPSS 0.00051
Exploits 0 · References 3
AstraLinux
added 2026/05/03 11:59 p.m. · 4 views

Astra Linux - vulnerability in dav1d

An integer overflow occurs in the dav1d AV1 decoder, which can happen when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to a version later than 1.4.0 of dav1d...

CVSS 8.8 · AI score 7 · EPSS 0.00584
Exploits 0 · References 2
Snyk
added 2026/04/01 9:11 p.m. · 0 views

Insertion of Sensitive Information Into Sent Data

Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDF to generate a strong encryption password from the user-provided password, to ensure secure encryption of files. Affected versions of this...

CVSS 8.7 · AI score 5.9
Exploits 0 · References 2
Positive Technologies
added 2026/03/27 12:00 a.m. · 1 views

PT-2026-28558

Name of the Vulnerable Software and Affected Versions: Forge (also called node-forge) versions prior to 1.4.0. Description: Forge, a native implementation of Transport Layer Security in JavaScript, contains an issue in Ed25519 signature verification. Specifically, the verification process does not...

CVSS 7.5 · AI score 5.9 · EPSS 0.00042
Exploits 0 · References 6
Snyk
added 2026/02/01 6:37 a.m. · 1 views

Improper Neutralization of Input Used for LLM Prompting

Overview: omni-cortex is a package that gives Claude Code a perfect memory: it auto-logs everything, searches smartly, and gets smarter over time. Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting. LLM prompt construction fails to sanitize user-controlled...

CVSS 8.4 · AI score 5.5
Exploits 0 · References 3
Snyk
added 2025/12/02 6:31 a.m. · 2 views

SQL Injection

Overview: fraiseql is GraphQL for the LLM era. Simple. Powerful. Rust-fast. A production-ready GraphQL API framework for PostgreSQL with CQRS, JSONB optimization, and type-safe mutations. Affected versions of this package are vulnerable to SQL Injection due to missing validation of GraphQL context...

CVSS 8.3 · AI score 7.9
Exploits 0 · References 3
Snyk
added 2025/11/26 10:11 p.m. · 1 views

Session Fixation

Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Session Fixation via the constantTimeEqual function in the crypto/buffer.ts file. An attacker can cause arbitrary user sessions to be revoked by forging...

CVSS 7.3 · AI score 7.1
Exploits 0 · References 2
Snyk
added 2025/11/25 9:42 p.m. · 1 views

Authorization Bypass Through User-Controlled Key

Overview: @better-auth/passkey is a Passkey plugin for Better Auth. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a POST /passkey/delete-passkey request. An attacker can delete arbitrary passkeys belonging to other users by providing their...

CVSS 6 · AI score 6.9
Exploits 0 · References 3
Snyk
added 2025/11/24 4:46 p.m. · 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the NnssfNSSAIAvailability API when processing crafted POST requests. An attacker can disrupt service availability by sending specially crafted requests. Details: Denial of Service (DoS) describes a family of...

CVSS 8.7 · AI score 7 · EPSS 0.00151
Exploits 1 · References 2
OSV
added 2025/11/13 10:22 p.m. · 1 views

GHSA-4JVF-WX3F-2X8Q AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to the rds_superuser role. A low-privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS)...

CVSS 8.6 · AI score 6.8 · EPSS 0.00229
Exploits 0 · References 9
OSV
added 2025/10/31 2:14 p.m. · 3 views

OESA-2025-2614 dav1d security update

dav1d is a new AV1 cross-platform decoder, open-source, and focused on speed and correctness. Security Fixes: An integer overflow in the dav1d AV1 decoder that can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past...

CVSS 8.8 · AI score 7.3 · EPSS 0.00584
Exploits 0 · References 2
Positive Technologies
added 2025/08/11 12:00 a.m. · 3 views

PT-2025-32586

Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.4.0 and earlier. Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syste...

CVSS 8.6 · AI score 6.8 · EPSS 0.0019
Exploits 1 · References 11
Snyk
added 2025/05/01 8:41 p.m. · 1 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the HTTP Data API. An attacker can manipulate the Rego code within the query to either cause the server to perform unintended actions or to consume excessive resources, leading to a Denial of Service (DoS). Not...

CVSS 8.5 · AI score 7.2 · EPSS 0.00064
Exploits 0 · References 2
Snyk
added 2024/10/31 6:03 p.m. · 1 views

Insufficient Verification of Data Authenticity

Overview: laravel/reverb is a provider of a real-time WebSocket communication backend for Laravel applications. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the verification of API signatures. An attacker can manipulate the API by sendi...

CVSS 8.7 · AI score 6.9 · EPSS 0.00068
Exploits 0 · References 2
Positive Technologies
added 2024/08/23 12:00 a.m. · 1 views

PT-2024-30660 · Unknown · Request Store

Name of the Vulnerable Software and Affected Versions: request store version 1.3.2. Description: The files published as part of request store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, a...

CVSS 7.8 · AI score 7.3 · EPSS 0.0006
Exploits 0 · References 16
Positive Technologies
added 2024/02/28 12:00 a.m. · 1 views

PT-2024-10128 · Drupal · Drupal Coffee

Name of the Vulnerable Software and Affected Versions: Drupal Coffee versions 0.0.0 through 1.4.0. Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting (XSS). This can be exploited by a remote attacker to conduct a...

CVSS 5.5 · AI score 6.2 · EPSS 0.00415
Exploits 0 · References 5
OSV
added 2024/02/19 11:15 a.m. · 0 views

UBUNTU-CVE-2024-1580

An integer overflow in the dav1d AV1 decoder that can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

CVSS 8.8 · AI score 5.8 · EPSS 0.00584
Exploits 0 · References 4
OSV
added 2022/12/13 6:15 p.m. · 2 views

DEBIAN-CVE-2019-25078

A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4....

CVSS 7.8 · AI score 6.7 · EPSS 0.0019
Exploits 1 · References 1
Positive Technologies
added 2022/12/13 12:00 a.m. · 2 views

PT-2022-8295 · Pacparser +1 · Pacparser +1

Name of the Vulnerable Software and Affected Versions: pacparser versions up to 1.3.x. Description: A problematic vulnerability was found in pacparser, affecting the pacparser_find_proxy function of the file src/pacparser.c. The manipulation of the url argument leads to buffer overflow. This issue...

CVSS 7.8 · AI score 7.4 · EPSS 0.0019
Exploits 1 · References 17
Positive Technologies
added 2022/05/20 12:00 a.m. · 3 views

PT-2022-19149 · Grafana · Grafana Enterprise Logs +1

Name of the Vulnerable Software and Affected Versions: Grafana Enterprise Logs versions 1.1.x through 1.3.x. Description: The querier component does not require authentication when X-Scope-OrgID is used, affecting -auth.type=enterprise in microservices mode. Recommendations: For versions 1.1.x...

CVSS 9.8 · AI score 9.4 · EPSS 0.00466
Exploits 0 · References 9