15 matches found
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling
Impact: Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...
EUVD-2026-2423
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling...
algoliasearch-helper is vulnerable to Prototype Pollution in _merge()
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
CVE-2024-25865
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12 allows remote attackers to execute arbitrary code via the algolia search function...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12 allows remote attackers to execute arbitrary code via the algolia search function...
hexo-theme-anzhiyu Security Vulnerabilities
hexo-theme-anzhiyu is a clean hexo theme by the personal developer of Chen Zhiwei anzhiyu-c. A security vulnerability exists in hexo-theme-anzhiyu v1.6.12, which stems from a cross-site scripting (XSS) vulnerability in the algolia search function...
CVE-2024-25865
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12 allows remote attackers to execute arbitrary code via the algolia search function...
Malicious Package
Overview: dwolla-algolia-search is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
@arcblock/gatsby-theme-docs (>=5.7.0 <=7.34.5), @changeinc/components (>=1.0.4 <=1.0.20) +87 more potentially affected by CVE-2021-23433 +1 more via algoliasearch-helper (>=2.13.0 <=2.2.0)
algoliasearch-helper NPM version =2.13.0, =5.7.0, =1.0.4, =1.0.4, =1.0.0, =2.2.1-custom, =0.0.7, =0.1.2, =0.1.4, =0.2.3, =0.2.1, =0.0.1, =2.0.0, =0.0.0, =1.9.0, =1.0.0, =1.4.2 and more Source cves: CVE-2021-23433, CVE-2025-3193 Source advisory: SNYK:JS-ALGOLIASEARCHHELPER-3318396...
Prototype Pollution
Overview: algoliasearch-helper is a helper for implementing advanced search features with Algolia. Affected versions of this package are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the...
Malicious code in dwolla-algolia-search (npm)
Source: ghsa-malware 93bb17b6d0a8a1b69ad18cd8ebd649cbb5d7e60f664ab2dfa212cb9f686ac801 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-297 Malicious code in dwolla-algolia-search (npm)
Source: ghsa-malware 93bb17b6d0a8a1b69ad18cd8ebd649cbb5d7e60f664ab2dfa212cb9f686ac801 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@4c/docusaurus-preset (>=0.2.4 <=0.3.2), @acid-info/logos-docusaurus-preset (>=1.0.0-alpha.203 <=1.0.4-alpha.0) +382 more potentially affected by CVE-2021-23433 via algoliasearch-helper (>=0.0.0-27095c0 <=3.29.1)
algoliasearch-helper NPM version =0.0.0-27095c0, =0.2.4, =1.0.0-alpha.203, =6.10.3, =6.10.3-1, =0.1.0, =6.26.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =1.1.0, =1.0.0, =1.3.6 and more Source cves: CVE-2021-23433 Source advisory: OSV:GHSA-VPF5-82C8-9V36...
CVE-2021-23433
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js SearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
PT-2021-15521
Name of the Vulnerable Software and Affected Versions: algoliasearch-helper versions prior to 3.6.2. Description: The issue arises from the use of the merge function in src/SearchParameters/index.js, specifically in the SearchParameters.parseNumbers function, without protection against prototype...