CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/20 4:18 p.m.•35 views

CVE-2026-9101 Prototype pollution in csv parsing

5.3CVSS0.00013EPSS

CVE•added 2026/05/20 4:18 p.m.•9 views

CVE-2026-9101

The CVE-2026-9101 entry describes a prototype pollution flaw in CSV parsing during import. The underlying issue can allow untrusted file paths (not arguments) to reach shell.openExternal after specific user actions, potentially enabling a limited form of “1-click” command execution. Documents do ...

5.3CVSS5.8AI score0.00013EPSS

OSV•added 2026/04/13 10:10 a.m.•3 views

BIT-MINIO-2026-39414 MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

7.1CVSS5.7AI score0.00058EPSS

Exploits0References5

Github Security Blog•added 2026/04/09 5:32 p.m.•3 views

MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

Impact What kind of vulnerability is it? Who is impacted? MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function calls bufio.Reader.ReadBytes'\n' with no size limit, buffering the...

Exploits0References6Affected Software1

Snyk•added 2026/04/08 9:10 p.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the nextSplit function in the S3 Select CSV parsing process. An attacker can cause the server to exhaust available memory and crash by uploading a specially crafted CSV file with...

CVE•added 2026/04/08 8:5 p.m.•7 views

CVE-2026-39414

CVE-2026-39414 affects MinIO’s S3 Select CSV parsing. The CSV reader’s nextSplit() calls ReadBytes('\n') without a size limit, causing unbounded buffering and memory exhaustion (OOM) when processing long lines; a file with no newline can trigger a single large allocation. This can be exploited by...

Exploits0References4Affected Software1

Vulnrichment•added 2026/04/08 8:5 p.m.•2 views

CVE-2026-39414 MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

EUVD•added 2026/01/22 9:2 a.m.•2 views

Exploits0References4

EUVD-2026-4195

Malicious code in csv-parsing-xz npm...

Snyk•added 2026/01/22 9:2 a.m.•2 views

Malicious Package

Overview csv-parsing-xz is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score

OSSF Malicious Packages•added 2026/01/22 9:2 a.m.•9 views

Malicious code in csv-parsing-xz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbd0bb44a5de8aaaa9d2397fe8ff5fa7e9a7274bb5d6efe9ef6af97ba8747692 The package csv-parsing-xz was found to contain malicious code. Source: ghsa-malware 40d41fc1adde6793bd8a6626e41da04bcb68b4934a4760eeb34c278ed6165adf...

OSV•added 2026/01/22 9:2 a.m.•2 views

MAL-2026-458 Malicious code in csv-parsing-xz (npm)

OSV•added 2026/01/22 9:2 a.m.•3 views

MAL-2026-457 Malicious code in csv-parsing-xx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfe9a306ce309515a134b6348aff27991f8725d7925ee31b1c51281c9d4a5bc8 The package csv-parsing-xx was found to contain malicious code. Source: ghsa-malware 3e16868b929858d45e76857e9157eae0e3631ca0e2e5988e69c6f537d0ad1a04...

EUVD•added 2026/01/22 9:2 a.m.•5 views

EUVD-2026-4196

Malicious code in csv-parsing-xx npm...

OSSF Malicious Packages•added 2026/01/22 9:2 a.m.•7 views

Malicious code in csv-parsing-xx (npm)

Snyk•added 2026/01/22 9:2 a.m.•2 views

Malicious Package

Overview csv-parsing-xx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score

OSV•added 2025/10/15 2:0 a.m.•2 views

MAL-2025-48414 Malicious code in csv-parsing-xyz (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 363b0535fad3e1200b4ecbbcaf6864c57f005f66af100032426235146347282e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References3

Snyk•added 2025/10/15 2:0 a.m.•1 views

Malicious Package

Overview csv-parsing-xyz is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score