@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +108 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +108 more potentially affected by CVE-2026-0540 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

EUVD-2021-22936

Malware in sbrugna...

Malicious code in aui-js (npm)

The package aui-js was found to contain malicious code...

MAL-2025-15041 Malicious code in aui-js (npm)

The package aui-js was found to contain malicious code...

CVE-2025-21117

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vulnerability, leading to fully impersonating the user...

Privilege escalation

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation ...

CVE-2021-36316

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 are affected by an improper privilege management vulnerability in AUI. A malicious user with high privileges could disclose AUI information and perform unauthorized operations on AUI. The provided documents do not include deeper roo...

@atlassian/aui (>=8.2.4 <=9.4.1), @chinchilla-software/ng-date-time-picker (>=1.0.0 <=1.0.1) +129 more potentially affected by CVE-2021-41183 via jquery-ui (>=1.10.4 <=1.12.1)

jquery-ui NPM version =1.10.4, =8.2.4, =1.0.0, =1.0.0, =0.1.0, =2.3.2, =6.4.0, =1.1.42, =0.0.0, =2.1.1, =4.0.0, =1.0.0-alpha.0, =11.0.0, =17.0.0-dev.3 and more Source cves: CVE-2021-41183 Source advisory: OSV:GHSA-J7QV-PGF6-HVH4...