6 matches found
EUVD-2023-36590
Malicious code in bioql PyPI...
EUVD-2025-6727
Malicious code in bioql PyPI...
CVE-2025-30144 Fast-JWT Improperly Validates iss Claims
fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...
proveAndClaim and proveAndClaimWithResolver can be front-run to claim the same name by a malicious user
Lines of code Vulnerability details Impact In the DNSRegistrar contract, the proveAndClaim and proveAndClaimWithResolver functions are used to claim a name. And this name is not encrypted. This can create a race condition because once this name is claimed, it cannot be claimed by other users. In...
CVE-2023-22482 JWT audience claim is not verified
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an aud...
auditor (>=0.0.1 <=0.0.2), avrisp (=0.3.0) +29 more potentially affected by unknown CVE via claim (>=0.3.1 <=0.5.0)
claim CARGO version =0.3.1, =0.0.1, =0.1.0, =0.3.0, =0.1.0, =0.2.0, =0.1.1, =0.1.0, =0.0.1, =0.0.2, =0.9.0, =0.8.0, =1.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0077...