CVE-2026-27704

The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client dart pub and flutter pub extracts a package in the pub cache, a malicious package archive can...

CVE-2026-27704

The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client dart pub and flutter pub extracts a package in the pub cache, a malicious package archive can...

CVE-2026-27704 Dart SDK and Flutter SDK have Zip slip in Dart Pub package extraction

The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client dart pub and flutter pub extracts a package in the pub cache, a malicious package archive can...

CVE-2026-27704

The CVE-2026-27704 issue affects the Dart SDKs and Flutter SDKs prior to versions 3.11.0 and 3.41.0, respectively. During package extraction in the pub cache (via dart pub and flutter pub), a malicious package archive could cause files to be written outside the destination directory due to a path...

CVE-2021-22540

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...

EUVD-2022-15590

Malicious code in bioql PyPI...

EUVD-2021-9681

Malicious code in bioql PyPI...

CVE-2022-0451

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...

CVE-2022-0451

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...

Authorization

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...

CVE-2022-0451 Auth bypass in Dark SDK

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...

CVE-2022-0451

The CVE-2022-0451 issue affects the Dart SDK (dart:io) where HTTPClient may include Authorization headers during cross-origin redirects. By default, HttpClient handles redirects, and headers that are set on the initial request could be sent to a redirect target if the redirect goes to an attacker...

CVE-2022-0451 Auth bypass in Dark SDK

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...

CVE-2021-22567 Bidirectional Override in Dart SDK

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a progra...

CVE-2021-22567 Bidirectional Override in Dart SDK

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a progra...

Dart Cross-Site Scripting Vulnerability (CNVD-2021-31987)

Dart is an open source programming language. A cross-site scripting vulnerability exists in Dart SDK versions prior to 2.12.3, which can be exploited by attackers to use XSS attacks by hitting the DOM hard...

CVE-2021-22540

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...

CVE-2021-22540

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...

Design/Logic Flaw

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags...

CVE-2021-22540

The CVE-2021-22540 issue affects the Dart SDK prior to 2.12.3. Root cause: bad validation logic in dart:html when creating DOM nodes from text, which did not sanitize template tags. Impact: enables cross-site scripting via DOM clobbering. Affected component: Dart SDK (web/dom handling). Remediati...