5 matches found
EUVD-2023-2444
Malicious code in bioql PyPI...
CVE-2019-10807
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer...
Arbitrary Argument Injection
Overview: blamer is a tool for getting information about the author of code from a version control system. It supports git and subversion. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize user input or validate the given...
@caiwenshu/cqc (>=0.5.2 <=0.5.3), @dimax-ar/dimax-scripts (>=1.0.0-alpha.1 <=1.0.0-alpha.8) +31 more potentially affected by CVE-2019-10807 via blamer (=0.1.13)
blamer NPM version =0.1.13 is affected by a known vulnerability. The following packages have a transitive dependency on blamer and may be impacted: - @caiwenshu/cqc =0.5.2, =1.0.0-alpha.1, =0.30.66, =1.0.0, =1.0.15, =1.0.5, =1.0.0, =1.0.0, =1.0.5, =1.4.19, =1.0.1, =1.0.0, =0.0.1, =0.0.2 and more...
Design/Logic Flaw
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer...