
7 matches found

OSSF Malicious Packages
• added 2022/06/20 8:23 p.m. • 2 views

Malicious code in blockstack-stats (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01c989174a7c793669e083cc1eb35355f5af108994fab317b0b01d11c443a3f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
vulnersOsv
• added 2021/03/19 8:14 p.m. • 1 views

@arpinum/backend (>=0.0.3 <=0.0.65), @austbot/wallet-sdk (=1.0.0-beta.21) +135 more potentially affected by CVE-2021-21267 via schema-inspector (>=1.4.2 <=1.7.0)

schema-inspector NPM version =1.4.2, =0.0.3, =0.1.0, =0.1.5, =0.1.1, =0.0.3, =0.0.1, =1.0.0, =3.2.7, =3.3.4, =0.0.3, =2.0.0, =0.0.1, =4.1.2 and more Source cves: CVE-2021-21267 Source advisory: OSV:GHSA-F38P-C2GQ-4PMR...

7.5 CVSS | 7.1 AI score | 0.00866 EPSS
Exploits: 1
Hacker One
• added 2019/06/15 4:45 a.m. • 566 views

Hiro: EXIF Geolocation Data Not Stripped From Uploaded Images

The Blockstack Browser does not strip EXIF data on avatar uploads...

6.9 AI score
Exploits: 0
Hacker One
• added 2019/04/18 6:35 a.m. • 4 views

Hiro: Blockstack Browser For Mac leaks "Core API Password" to 3rd parties

Hi Blockstack! 😃 I noticed that BlockStack Browser for Mac version is leaking the CoreAPIPassword via Referer Header to several websites: appco.imgix.net a third party site! F471236 api.app.co seems to have some blockstack affiliation? F471235 browser-api.blockstack.org F471237 Steps to Reproduce...

6.7 AI score
Exploits: 0
Hacker One
• added 2017/12/23 5:33 a.m. • 3 views

Hiro: REDIRECTION VULNERABILITY/HOST HEADER INJECTION VULNERABILITY

Hiii.. This is vyshnav nk. I need to address you a vulnerability I have found in https://github.com/blockstack/blockstack-core/. https://github.com/blockstack/blockstack-core/ is vulnerable to host header injection/redirection vulnerability.. IMPACT:- Attack vectors are somewhat limited but depends...

7.3 AI score
Exploits: 0
Hacker One
• added 2017/09/18 10:11 a.m. • 46 views

Hiro: Weak crossdomain.xml

The e-mail list management service used by Blockstack operated by MailChimp has a lenient cross-domain flash policy -- this is not a vulnerability, however, the crossdomain.xml used by the mailing service is more lenient than used by normal web services...

6.9 AI score
Exploits: 0
Hacker One
• added 2017/09/17 2:13 p.m. • 31 views

Hiro: Clickjacking https://blockstack.org/

https://blockstack.org/ does not return an X-FRAME-OPTIONS header. However, because blockstack.org does not contain any endpoints where the UI is rendered to invoke a state change action on behalf of users, we do not believe that click-jacking presents a security vulnerability. see this informati...

6.9 AI score
Exploits: 0