Lucene search

7 matches found

EUVD
added 2025/10/03 8:07 p.m.

EUVD-2025-12479

Malicious code in bioql PyPI...

CVSS 4.9, AI score 6.5, EPSS 0.00202
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2024-51923

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.3, EPSS 0.00257
Exploits: 0, References: 1
OSV
added 2025/04/26 9:15 p.m.

CVE-2025-46655

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...

CVSS 4.9, AI score 5.9
Exploits: 0, References: 2
Cvelist
added 2025/04/26 12:00 a.m.

CVE-2025-46654

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file...

CVSS 4.9, EPSS 0.00212
Exploits: 1, References: 2
OSV
added 2023/07/28 2:42 p.m.

CVE-2023-37467 Discourse CSP nonce reuse vulnerability for anonymous users

Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the beta and tests-passed branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) user...

CVSS 6.8, AI score 5, EPSS 0.00316
Exploits: 0, References: 4
Hacker One
added 2022/05/24 10:29 a.m.

GitLab: XSS: `v-safe-html` is not safe enough

The v-safe-html directive uses DOMPurify to remove the 'data-remote', 'data-url', 'data-type' and 'data-method' attributes from HTML tags. Rails-js relies on another attribute, data-disable-with, to show HTML content when a user clicks on a disabled link. For example, the following text will bypass the...

AI score 0.1
Exploits: 0
Hacker One
added 2015/02/01 11:52 p.m.

HackerOne: Vulnerability with the way \ escaped characters in <http://danlec.com> style links are rendered

Uh\ oh! Basic POC: Sequences like test\ are rendered as http://test Examples of what could be done with this: Obviously there's a whole variety of stuff that can be done when you can inject arbitrary HTML, even in spite of the CSP protection. We can put in elements we're not supposed to see above...

AI score 7
Exploits: 0