14 matches found
Malicious code in sp-api-dev-assistant-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41506fcb0f329d1b260c8aea68fe27eb7b648576521da211f366dc49459bc388 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-87049 Malicious code in joko-gembus65-apidev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9a33ab9690514b66b963dbd35bf061d517712f43fb973bb722e887b82ce06f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:GHSA-WH2W-39F4-RPV2...
CVE-2024-29651
A prototype pollution flaw was found in the API Dev Tools json-schema-ref-parser. This flaw allows a remote attacker to cause a denial of service, Cross-site scripting, or arbitrary code via the bundle, parse, resolve, and dereference functions. Mitigation Mitigation for this issue is either not...
json-schema-ref-parser Prototype Pollution issue
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...
GHSA-5F97-H2C2-826Q json-schema-ref-parser Prototype Pollution issue
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...
CVE-2024-29651
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...
CVE-2024-29651
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...
CVE-2024-29651
CVE-2024-29651 is a Prototype Pollution vulnerability in API Dev Tools json-schema-ref-parser (versions 11.0.0 and 11.1.0). The flaw allows remote code execution or denial of service by manipulating Object.prototype via bundle(), parse(), resolve(), or dereference() functions. Affected IBM stack ...
CVE-2024-29651
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31006 Source advisory: OSV:GHSA-X996-7QH9-7FF7...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31006 Source advisory: OSV:PYSEC-2022-270...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:PYSEC-2020-48...
api-dev.cinenews.be Cross Site Scripting vulnerability OBB-1492969
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...