@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +21 more potentially affected by CVE-2026-47141 via vm2 (>=3.0.0 <=3.11.3)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =0.1.0, =1.1.15, =1.27.8, =1.0.0-beta.1, =1.1.0, =0.2.0, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.72.4 and more Source cves: CVE-2026-47141 Source advisory: SNYK:JS-VM2-17111339...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +21 more potentially affected by CVE-2026-47210 via vm2 (>=3.0.0 <=3.11.3)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =0.1.0, =1.1.15, =1.27.8, =1.0.0-beta.1, =1.1.0, =0.2.0, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.72.4 and more Source cves: CVE-2026-47210 Source advisory: SNYK:JS-VM2-17111321...

mdbt (>=0.5.1 <=0.6.0), sqlfluff-templater-dataform (>=0.1.8 <=0.1.12) +2 more potentially affected by CVE-2026-46374 via sqlfluff (>=4.0.0 <=4.1.0)

sqlfluff PYPI version =4.0.0, =0.5.1, =0.1.8, =4.0.0, =4.1.0 - stylebook =0.1.0 Source cves: CVE-2026-46374 Source advisory: SNYK:PYTHON-SQLFLUFF-16770152...

sqlfluff-templater-dataform (>=0.1.8 <=0.1.11), sqlfluff-templater-dbt (>=4.0.0 <=4.0.4a1) potentially affected by CVE-2026-46373 via sqlfluff (>=4.0.0 <=4.0.4a1)

sqlfluff PYPI version =4.0.0, =0.1.8, =4.0.0, =4.0.4a1 Source cves: CVE-2026-46373 Source advisory: SNYK:PYTHON-SQLFLUFF-16770154...

EUVD-2025-25690

Malicious code in bioql PyPI...

CVE-2025-9118

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVE-2025-9118

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVE-2025-9118

CVE-2025-9118 is a path traversal vulnerability in the NPM package installation process of Google Cloud Dataform. The flaw allows a remote attacker to read and write files in other customers’ repositories via a maliciously crafted package.json. The CVE is rated CRITICAL (CVSS 4.0 base score 10.0)...

CVE-2025-9118 Dataform Path Traversal

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVE-2025-9118 Dataform Path Traversal

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

Google Cloud Dataform 安全漏洞

Google Cloud Dataform is a platform for automated workflow processing from Google, Inc. in the United States. A security vulnerability exists in Google Cloud Dataform that stems from path traversal during NPM package installation, which could result in reading and writing to other customer...

PT-2025-34599 · Google · Google Cloud Dataform

Name of the Vulnerable Software and Affected Versions: Google Cloud Dataform affected versions not specified Description: A path traversal vulnerability exists in the NPM package installation process of Google Cloud Dataform. A remote attacker can read and write files in other customers'...

Design/Logic Flaw

The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact...

CVE-2007-2746

The CVE-2007-2746 entry concerns Plain Black WebGUI: the viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm for versions before 7.3.14 improperly uses data structures containing privilege information, enabling remote authenticated users to obtain sensitive data or potentially cause other u...

Cross site scripting

Cross-site scripting XSS vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 gamma allows remote attackers to inject arbitrary Javascript via the 1 url and 2 name field of the default email form...

CVE-2006-0165

Cross-site scripting XSS vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 gamma allows remote attackers to inject arbitrary Javascript via the 1 url and 2 name field of the default email form...

CVE-2006-0165

CVE-2006-0165 affects Plain Black WebGUI (DataForm Entries) prior to version 6.8.4 (gamma). The vulnerability arises in the default email form’s url and name fields, enabling remote attackers to inject arbitrary Javascript (XSS). The provided sources confirm the affected product and vulnerable co...