Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview: @storybook/core-common is a Storybook framework-agnostic API. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive environment variables by...
CVE-2025-68429
This CVE (CVE-2025-68429) affects Storybook builds where environment variables in a .env file could be unintentionally bundled into the web-facing build artifacts. Vulnerable if you run storybook build in a directory containing .env (including .env.local) and then publish the built bundle. Affect...
CVE-2025-68429 Storybook manager bundle may expose environment variables during build
Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook’s handling of environment variables defined in a .env file, which could...
CVE-2023-53895
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
Storybook security vulnerability
Storybook is an open source UI component development environment from Storybook. A security vulnerability exists in Storybook versions prior to 7.6.21, 8.6.15, 9.1.17, and 10.1.10, which stems from the handling of environment variables in .env files that may be accidentally packaged into build...
Kubernetes Configuration Detected
Kubernetes is an open-source container orchestration platform used to automate the deployment, scaling, and management of containerized applications. Kubernetes configuration files, such as YAML manifests, define resources like Deployments, Services, ConfigMaps, and Secrets. When exposed with...
PT-2025-51974
Name of the Vulnerable Software and Affected Versions: Storybook versions prior to 7.6.21; Storybook versions prior to 8.6.15; Storybook versions prior to 9.1.17; Storybook versions prior to 10.1.10. Description: Storybook’s handling of environment variables defined in a .env file can, in certain...
Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables
Impact: A Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. Patches: The patch escapes user-controlled values that are inserted into the HTML pages. Workarounds: None. Resources: -...
GHSA-JHGF-2H8H-GGXV Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables
Impact: A Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. Patches: The patch escapes user-controlled values that are inserted into the HTML pages. Workarounds: None. Resources: -...
Improper Authorization
Overview: potsky/pimp-my-log is a log viewer for your web server. Affected versions of this package are vulnerable to Improper Authorization via the Account Creation Endpoint. An attacker can gain unauthorized administrative access and execute arbitrary JavaScript by exploiting the unsanitized...
EUVD-2023-60195
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...
Malicious Package
Overview: tailwind-variables is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in tailwind-variables (npm)
Source: amazon-inspector 50a9b7a9c02e83e0b4145dc9caaa9d04b407a199ae5d54b9f544f91397980966 The package tailwind-variables was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-203527
Malicious code in tailwind-variables npm...
MAL-2025-192600 Malicious code in tailwind-variables (npm)
Source: amazon-inspector 50a9b7a9c02e83e0b4145dc9caaa9d04b407a199ae5d54b9f544f91397980966 The package tailwind-variables was found to contain malicious code. Source: ghsa-malware...
PT-2025-51743
Name of the Vulnerable Software and Affected Versions: PimpMyLog version 1.7.14. Description: The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...