Lucene search
K

43 matches found

OSV
OSV
added 2026/06/29 8:17 p.m.2 views

UBUNTU-CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...

7.5CVSS5.9AI score0.00609EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/12/03 4:57 p.m.8 views

ch.reportingsoft.birt:birt-runtime-bundle (>=4.19.0 <=4.20.0), cloud.wondrify:coffee-asset-pipeline (>=5.0.10 <=5.1.0-M4) +163 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (=1.8.0)

org.mozilla:rhino MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mozilla:rhino and may be impacted: - ch.reportingsoft.birt:birt-runtime-bundle =4.19.0, =5.0.10, =5.0.10, =5.0.10, =10.2.1, =8.0.0, =8.0.0, =5.0.6, =5.0.6, =5.0....

7.5CVSS7.2AI score0.00235EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-8872

Malware in sbrugna...

5CVSS6.4AI score0.01186EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3922

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.02185EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2022-5517

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.02511EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.1 views

Malicious code in asset_pipeline (npm)

The package assetpipeline was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in asset-pipeline-yaml-combiner (npm)

The package asset-pipeline-yaml-combiner was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-14941 Malicious code in asset-pipeline-yaml-combiner (npm)

The package asset-pipeline-yaml-combiner was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-14944 Malicious code in asset_pipeline (npm)

The package assetpipeline was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 1:13 p.m.17 views

CVE-2018-1000817

Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...

7.5CVSS7AI score0.02511EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:49 p.m.4 views

Malicious code in asset-pipeline (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:49 p.m.6 views

Malicious code in asset-pipeline_i18n (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:49 p.m.8 views

MAL-2024-6701 Malicious code in asset-pipeline (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/14 1:44 a.m.23 views

Asset Pipeline plugin for Grails vulnerable to Path Traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

7.5CVSS5AI score0.02185EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 1:44 a.m.12 views

GHSA-G7WM-22M6-5774 Asset Pipeline plugin for Grails vulnerable to Path Traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

7.5CVSS7.5AI score0.02185EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.29 views

Asset Pipeline Grails Plugin vulnerable to Path Traversal

Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...

7.5CVSS4.4AI score0.02511EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/13 1:48 a.m.11 views

GHSA-W73Q-MC9G-J56X Asset Pipeline Grails Plugin vulnerable to Path Traversal

Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...

7.5CVSS7.6AI score0.02511EPSS
Exploits1References3
Snyk
Snyk
added 2020/04/27 10:14 p.m.3 views

Prototype Pollution

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The function zipObjectDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects. PoC js...

8.2CVSS7.7AI score0.05213EPSS
Exploits1References3
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview asset-pipelinei18n is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

8CVSS6.9AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2020/01/27 7:28 p.m.6 views

com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-10770 via io.ratpack:ratpack-core (>=0.9.0 <=1.7.5)

io.ratpack:ratpack-core MAVEN version =0.9.0, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-10770 Source advisory: OSV:GHSA-R2WF-Q3X4-HRV9...

6.1CVSS6.3AI score0.00857EPSS
Exploits1
Rows per page
Query Builder