36 matches found

Snyk
• added 2026/05/21 9:42 p.m. • 9 views

Off-by-one Error

Overview: Magick.NET-Q8-OpenMP-x64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

6.9 CVSS • 5.9 AI score
Exploits 0 • References 2
UbuntuCve
• added 2026/04/13 10:16 p.m. • 1 views

CVE-2026-40169

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19...

6.2 CVSS • 5.7 AI score • 0.00005 EPSS
Exploits 0 • References 6
NVD
• added 2026/04/02 7:21 p.m. • 1 views

CVE-2026-34730

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

5.5 CVSS • 0.00005 EPSS
Exploits 1 • References 3
RedhatCVE
• added 2026/01/09 11:28 a.m. • 12 views

CVE-2021-33493

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...

6 CVSS • 7.3 AI score • 0.00202 EPSS
Exploits 3 • References 1
EUVD
• added 2025/11/13 3:23 a.m. • 2 views

EUVD-2025-178902

Malicious code in final-scale-static-yaml-debug npm...

6.6 AI score
Exploits 0
EUVD
• added 2025/11/12 4:29 a.m. • 1 views

EUVD-2025-116520

Malicious code in ariel-cluster-yaml-vega npm...

6.6 AI score
Exploits 0
OSSF Malicious Packages
• added 2025/11/12 4:29 a.m. • 3 views

Malicious code in yaml-gatsby-yildun-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9176cc856a7e1b77aae4968733ab2bea8d8ddf71d2233a9e6f1ef1c0f9e0646f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0
EUVD
• added 2025/11/12 4:29 a.m. • 1 views

EUVD-2025-123639

Malicious code in playwright-library-build-yaml npm...

6.6 AI score
Exploits 0
GithubExploit
• added 2025/10/12 12:52 p.m. • 141 views

Vlang-Pentest-Framework

🔥 Vlang Pentest Framework...

8.5 AI score
Exploits 0
EUVD
• added 2025/10/07 12:30 a.m. • 2 views

EUVD-2021-2055

Malware in sbrugna...

6.5 CVSS • 6.5 AI score • 0.00485 EPSS
Exploits 1 • References 6
EUVD
• added 2025/10/07 12:30 a.m. • 3 views

EUVD-2021-20196

Malware in sbrugna...

6 CVSS • 6 AI score • 0.00202 EPSS
Exploits 3 • References 5
GithubExploit
• added 2025/10/03 8:9 a.m. • 213 views

poc-scaner

Java POC Scanner A powerful graphical POC Proof of Concept...

6 AI score
Exploits 0
Tenable Nessus
• added 2025/08/28 12:0 a.m. • 3 views

SUSE SLES15 / openSUSE 15 Security Update : ignition (SUSE-SU-2025:03001-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03001-1 advisory. - CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input bsc1248548 Tenable has extracted the...

7.5 CVSS • 6.6 AI score • 0.01524 EPSS
Exploits 1 • References 4
Positive Technologies
• added 2024/06/11 12:0 a.m. • 2 views

PT-2024-26436 · Libyaml · Libyaml

Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5 Description: The issue is related to a heap-based Buffer Overflow in the yaml document add sequence function in api.c. Recommendations: For libyaml version 0.2.5, at the moment, there is no information about a newer...

6.9 AI score
Exploits 0 • References 4
CNNVD
• added 2024/04/02 12:0 a.m. • 2 views

Number withdrawn

libyaml is a codec library for YAML from the YAML community. This CVE number has been withdrawn...

6.5 AI score
Exploits 0 • References 5
NVD
• added 2023/10/25 6:17 p.m. • 14 views

CVE-2023-46124

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and...

8.2 CVSS • 8.2 AI score • 0.00107 EPSS
Exploits 0 • References 3
Cvelist
• added 2023/10/24 10:51 p.m. • 12 views

CVE-2023-46124 Server-Side Request Forgery Vulnerability in Custom Integration Upload

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and...

8.2 CVSS • 8.4 AI score • 0.00107 EPSS
Exploits 0 • References 3
Github Security Blog
• added 2023/10/24 2:14 a.m. • 35 views

Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload

Impact The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal system...

8.2 CVSS • 6.9 AI score • 0.00107 EPSS
Exploits 0 • References 5 • Affected Software 1
OSV
• added 2023/10/24 2:14 a.m. • 22 views

GHSA-JQ3W-9MGF-43M4 Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload

Impact The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal system...

8.2 CVSS • 7.4 AI score • 0.00107 EPSS
Exploits 0 • References 5
BDU FSTEC
• added 2023/09/14 12:0 a.m. • 1 views

The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.

The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...

6.8 CVSS • 6.7 AI score • 0.00693 EPSS
Exploits 1 • References 8 • Affected Software 5