
44 matches found

OSV
added 2025/10/10 6:30 a.m. · 0 views

GHSA-GJ5F-73VH-WPF7 Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations

Withdrawn Advisory This advisory has been withdrawn because it does not discuss a valid vulnerability. This link is maintained to preserve external references. Original Description All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and...

5.8 AI score
Exploits 0 · References 5
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-22475

Malicious code in bioql PyPI...

9.4 CVSS · 5.1 AI score · 0.01319 EPSS
Exploits 1 · References 7
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-6954

Malicious code in bioql PyPI...

9.8 CVSS · 4.2 AI score
Exploits 0 · References 4
OSV
added 2025/09/24 9:30 p.m. · 0 views

GHSA-FFRW-9MX8-89P8 Withdrawn Advisory: fast-redact vulnerable to prototype pollution

Withdrawn Advisory This advisory has been withdrawn because the issue uses an internal undocumented utility function. This link is maintained to preserve external references. Original Description fast-redact is a package that provides very fast object redaction. A Prototype Pollution...

6.3 CVSS · 6.3 AI score · 0.00106 EPSS
Exploits 0 · References 5
OSV
added 2025/08/20 3:30 a.m. · 0 views

GHSA-XH9H-692F-MMG4 Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module

Withdrawn Advisory This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...

5.1 CVSS · 5.7 AI score · 0.00661 EPSS
Exploits 0 · References 5
OSV
added 2025/08/20 3:30 a.m. · 0 views

GHSA-6FXP-P9MG-Q64W Withdrawn Advisory: Microsoft Knack ReDoS Vulnerability in the Introspection Module

Withdrawn Advisory This advisory has been withdrawn because the attack surface of this vulnerability is outside of Knack's intended functionality. The maintainer states the following: These CVEs are invalid. Knack is a CLI framework used by Azure CLI. It's a local library, not a web service. In...

5.1 CVSS · 5.7 AI score · 0.00697 EPSS
Exploits 0 · References 5
OSV
added 2025/08/14 6:31 p.m. · 1 view

GHSA-XQRQ-4MGF-FF32 Withdrawn Advisory: Python-Future Module Arbitrary Code Execution via Unintended Import of test.py

Withdrawn Advisory This advisory has been withdrawn because it describes a documented feature of Python’s import system in the handling of sys.path. For more information, see https://github.com/PythonCharmers/python-future/issues/650. Original Description A vulnerability in the Python-Future 1.0....

8.6 CVSS · 6.9 AI score · 0.00094 EPSS
Exploits 0 · References 7
OSV
added 2025/06/17 9:32 p.m. · 2 views

GHSA-64X7-M7RH-9M83 Withdrawn Advisory: microlight.js has a null pointer dereference vulnerability

Withdrawn Advisory This advisory has been withdrawn because a website owner has to set CSS color values. The proof of concept doesn't demonstrate how a malicious user who is not the website owner can cause an application crash. This link has been maintained to preserve external references. Origin...

2.1 CVSS · 5.8 AI score · 0.00084 EPSS
Exploits 0 · References 4
Github Security Blog
added 2025/05/01 3:31 a.m. · 11 views

Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qgp8-v765-qxx9. This link is maintained to preserve external references. Original Description PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework...

9.8 CVSS · 6.9 AI score · 0.00569 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/03/20 12:32 p.m. · 1 view

GHSA-XQGJ-R6XV-9CW4 Withdrawn Advisory: Dask Vulnerable to Command Injection

Withdrawn Advisory This advisory has been withdrawn because it describes intended functionality. This link is maintained to preserve external references. Original Description Dask versions =2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allow...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 3
CNNVD
added 2025/03/20 12:00 a.m. · 1 view

Number withdrawn

dtale is a pandas data structure visualization tool from Man Open Source. This CVE number has been withdrawn...

8.6 AI score
Exploits 0 · References 2
OSV
added 2025/02/12 12:32 a.m. · 2 views

GHSA-XG2H-7CXJ-3GVH Withdrawn Advisory: Command injection in Ray

Withdrawn Advisory This advisory is a duplicate of GHSA-6wgj-66m2-xxp2 / CVE-2023-48022. Original Description An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a remote attacker to execute arbitrary code via a crafted script...

9.8 CVSS · 7.5 AI score
Exploits 5 · References 3
OSV
added 2024/07/11 6:31 p.m. · 0 views

GHSA-9MVJ-F7W8-PVH2 Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...

6.4 CVSS · 7.3 AI score
Exploits 0 · References 5
OSV
added 2024/05/14 6:30 p.m. · 3 views

GHSA-QVWG-C35P-RQHJ Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f98p-2hc5-fm7v. This link is maintained to preserve external references. Original Description WWBN AVideo 12.4 is vulnerable to Cross Site Scripting XSS...

5.4 CVSS · 5.3 AI score · 0.00107 EPSS
Exploits 1 · References 2
OSV
added 2024/04/01 3:30 a.m. · 1 view

GHSA-R65J-6H5F-4F92 Withdrawn: JJWT improperly generates signing keys

Withdrawn Advisory This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information. Original Description JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The...

6.8 CVSS · 6.9 AI score · 0.00391 EPSS
Exploits 0 · References 6
Github Security Blog
added 2024/01/04 9:30 p.m. · 8 views

Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references. Original Description httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticate...

5.3 CVSS · 7.2 AI score · 0.01196 EPSS
Exploits 1 · References 11 · Affected Software 1
Github Security Blog
added 2023/12/13 9:26 p.m. · 39 views

Withdrawn Advisory: Prometheus XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references. Original Description A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version...

6.1 CVSS · 6.4 AI score · 0.01793 EPSS
Exploits 0 · References 13 · Affected Software 1
OSV
added 2023/10/25 6:32 p.m. · 0 views

GHSA-FGQ9-FC3Q-VQMW Withdrawn Advisory: dom4j XML Entity Expansion vulnerability

Withdrawn Advisory This advisory has been withdrawn because the underlying vulnerability could not be reproduced. This link is maintained to preserve external references. Original Description An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive...

5.8 AI score
Exploits 0 · References 7
Github Security Blog
added 2023/09/22 12:30 a.m. · 8 views

Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions

Withdrawn Advisory This advisory has been withdrawn because the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server...

7.5 CVSS · 7 AI score · 0.0016 EPSS
Exploits 1 · References 7 · Affected Software 1
Github Security Blog
added 2023/07/06 9:30 p.m. · 23 views

Withdrawn: Use after free in SciPy

Withdrawn Advisory This advisory has been withdrawn because it has been found to not be an issue. Please see the issue here for more information. Original Description A use-after-free issue was discovered in PyFindObjects function in SciPy versions prior to 1.8.0...

9.8 CVSS · 9.3 AI score · 0.00311 EPSS
Exploits 1 · References 7 · Affected Software 1