
35 matches found

vulnersOsv
added 2026/04/22 3:31 p.m., 3 views

instructlab-sdg (>=0.0.1 <=0.0.1rc4) potentially affected by CVE-2026-6859 via instructlab (=0.17.2)

instructlab PyPI version =0.17.2 is affected by a known vulnerability. The following packages have a transitive dependency on instructlab and may be impacted: instructlab-sdg =0.0.1, =0.0.1rc4. Source CVEs: CVE-2026-6859. Source advisory: OSV:GHSA-RXPQ-XGQX-FR7P...

8.8 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits: 0

ATTACKERKB
added 2026/01/27 9:8 p.m., 3 views

CVE-2026-24738

gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and CPU cycles. ReadFile can consume an extended TLV with lengths well...

5.9 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2026/01/27 9:8 p.m., 3 views

EUVD-2026-4740

gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and CPU cycles. ReadFile can consume an extended TLV with lengths well...

5.9 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/01/27 9:8 p.m., 3 views

CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and CPU cycles. ReadFile can consume an extended TLV with lengths well...

5.9 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits: 0, References: 3

OSV
added 2026/01/27 12:57 a.m., 3 views

GHSA-J49H-6577-5XWQ gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

Unbounded TLV length in ReadFile can cause Denial of Service. Summary: A Denial of Service vulnerability was identified in ReadFile where unbounded TLV length values could lead to excessive CPU and memory usage when processing data from a malicious or non-compliant NFC source. This issue has been...

5.9 CVSS, 5.9 AI score, 0.00008 EPSS
Exploits: 0, References: 5

GitHub Security Blog
added 2026/01/27 12:57 a.m., 11 views

gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

Unbounded TLV length in ReadFile can cause Denial of Service. Summary: A Denial of Service vulnerability was identified in ReadFile where unbounded TLV length values could lead to excessive CPU and memory usage when processing data from a malicious or non-compliant NFC source. This issue has been...

6.5 CVSS, 5.9 AI score, 0.00008 EPSS
Exploits: 0, References: 5, Affected Software: 1

CNNVD
added 2026/01/27 12:0 a.m., 1 view

gmrtd security vulnerabilities

GMRTD is an open-source Go language library developed by GMRTD. Versions of GMRTD prior to 0.17.2 contained security vulnerabilities. These vulnerabilities stemmed from the ReadFile function accepting TLVs of excessive length, which could lead to unlimited resource consumption...

6.5 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/01/13 10:53 p.m., 3 views

CVE-2025-15504

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parsebinary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...

5.5 CVSS, 6.2 AI score, 0.00011 EPSS
Exploits: 1, References: 1

GitHub Security Blog
added 2026/01/10 12:30 p.m., 5 views

LIEF is vulnerable to segmentation fault

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parsebinary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...

5.5 CVSS, 6.2 AI score, 0.00011 EPSS
Exploits: 1, References: 11, Affected Software: 1

NVD
added 2026/01/10 12:15 p.m., 1 view

CVE-2025-15504

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parsebinary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...

5.5 CVSS, 0.00011 EPSS
Exploits: 1, References: 9

Positive Technologies
added 2026/01/10 12:0 a.m., 5 views

PT-2026-1781

Name of the Vulnerable Software and Affected Versions: lief-project LIEF versions up to 0.17.1. Description: A security flaw exists in LIEF, specifically within the ELF Binary Parser component. The issue resides in the Parser::parse binary function located in the file src/ELF/Parser.tcc. This...

5.5 CVSS, 3.9 AI score, 0.00011 EPSS
Exploits: 1, References: 17

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-2161

Malicious code in bioql PyPI...

6.1 CVSS, 5.5 AI score, 0.00282 EPSS
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-21892

Malicious code in bioql PyPI...

8.3 CVSS, 6.3 AI score, 0.00333 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/07/22 12:0 a.m., 2 views

RAGFlow cross-site scripting vulnerability

RAGFlow is an open source RAG engine based on deep document understanding by InfiniFlow open source. A security vulnerability exists in RAGFlow version 0.17.2, which stems from a stored cross-site scripting vulnerability in api.apps.dialogapp.setdialog that could lead to the execution of arbitrar...

6.1 CVSS, 6.1 AI score, 0.0018 EPSS
Exploits: 1, References: 5

NVD
added 2025/07/18 4:15 p.m., 3 views

CVE-2025-54075

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a <base> element. The <base> tag rewrites how all subsequent relative...

8.3 CVSS, 0.00333 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/07/18 3:47 p.m., 2 views

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a <base> element. The <base> tag rewrites how all subsequent relative...

8.3 CVSS, 6.8 AI score, 0.00333 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/07/18 12:0 a.m., 1 view

Nuxt MDC cross-site scripting vulnerability

Nuxt MDC is a Nuxt open source application that enhances regular Markdown. A cross-site scripting vulnerability exists in Nuxt MDC versions prior to 0.17.2, which stems from improper handling of Markdown and could lead to a stored cross-site scripting attack...

8.3 CVSS, 5.6 AI score, 0.00333 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/05/22 5:37 p.m., 4 views

CVE-2020-36663

A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The patch is...

6.1 CVSS, 6.9 AI score, 0.00292 EPSS
Exploits: 1

CNNVD
added 2023/06/08 12:0 a.m., 2 views

NanoMQ buffer error vulnerability

NanoMQ is an open source lightweight and fast MQTT Broker for IoT edge platforms from EMQ Technologies. A security vulnerability exists in NanoMQ version 0.17.2, which originates from a heap buffer overflow that can be triggered by calling the function copynstr in the file mqttparser.c. An attack...

7.5 CVSS, 7.5 AI score, 0.00145 EPSS
Exploits: 1, References: 4

CNNVD
added 2023/06/08 12:0 a.m., 2 views

NanoMQ buffer error vulnerability

NanoMQ is an open source, lightweight and fast MQTT Broker for IoT edge platforms from EMQ Technologies. A security vulnerability exists in NanoMQ version 0.17.2, which originates from a heap buffer overflow that can be triggered by calling the function nnimsggetpubpid in the file message.c. The...

7.5 CVSS, 7.5 AI score, 0.00145 EPSS
Exploits: 1, References: 4