Lucene search
K

14 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 12:5 a.m.11 views

Malicious code in sp-api-dev-assistant-mcp-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41506fcb0f329d1b260c8aea68fe27eb7b648576521da211f366dc49459bc388 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2025/11/11 4:25 a.m.2 views

MAL-2025-87049 Malicious code in joko-gembus65-apidev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9a33ab9690514b66b963dbd35bf061d517712f43fb973bb722e887b82ce06f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/08/30 6:41 p.m.4 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)

indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:GHSA-WH2W-39F4-RPV2...

7.5CVSS7.1AI score0.00933EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2024/05/21 8:27 p.m.30 views

CVE-2024-29651

A prototype pollution flaw was found in the API Dev Tools json-schema-ref-parser. This flaw allows a remote attacker to cause a denial of service, Cross-site scripting, or arbitrary code via the bundle, parse, resolve, and dereference functions. Mitigation Mitigation for this issue is either not...

5.6CVSS8AI score0.00798EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/20 6:31 p.m.29 views

json-schema-ref-parser Prototype Pollution issue

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...

8.1CVSS8.1AI score0.00798EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/20 6:31 p.m.16 views

GHSA-5F97-H2C2-826Q json-schema-ref-parser Prototype Pollution issue

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...

8.1CVSS7AI score0.00798EPSS
Exploits0References4
NVD
NVD
added 2024/05/20 6:15 p.m.32 views

CVE-2024-29651

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...

8.1CVSS7.4AI score0.00798EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/20 5:15 p.m.47 views

CVE-2024-29651

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...

7.4AI score0.00798EPSS
Exploits0References1
CVE
CVE
added 2024/05/20 5:15 p.m.138 views

CVE-2024-29651

CVE-2024-29651 is a Prototype Pollution vulnerability in API Dev Tools json-schema-ref-parser (versions 11.0.0 and 11.1.0). The flaw allows remote code execution or denial of service by manipulating Object.prototype via bundle(), parse(), resolve(), or dereference() functions. Affected IBM stack ...

8.1CVSS7.7AI score0.00798EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/20 5:15 p.m.11 views

CVE-2024-29651

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...

7.8AI score0.00798EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/09/16 8:28 p.m.4 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)

indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31006 Source advisory: OSV:GHSA-X996-7QH9-7FF7...

7.5CVSS7.1AI score0.00924EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/09 7:15 p.m.5 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)

indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31006 Source advisory: OSV:PYSEC-2022-270...

7.5CVSS7.1AI score0.00924EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/12/24 8:15 p.m.9 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)

indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:PYSEC-2020-48...

7.5CVSS7.1AI score0.00933EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2020/11/08 9:53 a.m.10 views

api-dev.cinenews.be Cross Site Scripting vulnerability OBB-1492969

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Rows per page
Query Builder