10 matches found
Cross-site Scripting (XSS)
Overview: @jupyterlab/git is a JupyterLab extension for version control using git. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the createHeader method. An attacker can execute arbitrary JavaScript in another user's browser session by crafting a malicious...
01-numacert (>=1.0.0 <=3.0.0), 101 (>=0.3.0 <=0.7.1) +22913 more potentially affected by CVE-2026-24001 via diff (>=1.0.1 <=3.5.0)
diff NPM version =1.0.1, =1.0.0, =0.3.0, =0.0.15, =1.0.4, =5.4.4, =5.4.4, =2.2.1, =1.1.8, =1.0.0, =1.0.0, =2.0.0, =0.1.0, =0.0.97, =0.0.981 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...
02.aula (=1.0.0), 19json-validator (>=0.0.3 <=0.0.4) +3293 more potentially affected by CVE-2026-24001 via diff (>=5.0.0 <=5.2.0)
diff NPM version =5.0.0, =0.0.3, =0.0.1, =0.1.23, =0.1.4, =1.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.6.0 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...
@0k.io/prettier (>=0.0.2 <=0.0.3), @0k/prettier (>=0.2.0 <=0.2.1) +319 more potentially affected by CVE-2026-24001 via diff (>=4.0.1 <=4.0.2)
diff NPM version =4.0.1, =0.0.2, =0.2.0, =1.2.0, =0.3.2, =0.4.0-next.6, =7.0.0-alpha.0, =7.0.0-alpha.0, =7.0.0-alpha.0, =7.0.0-alpha.0, =7.0.0-alpha.0, =0.4.0, =1.5.0, =4.0.0, =1.0.0, =2.1.0 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...
0g-serving-broker (=0.1.0), 10x-cli (=0.0.7) +3254 more potentially affected by CVE-2026-24001 via diff (>=6.0.0 <=8.0.2)
diff NPM version =6.0.0, =0.1.0, =1.0.0, =0.5.0, =0.1.1, =0.1.1, =0.1.1, =0.1.8, =0.1.5, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.1.0, =0.1.4 and more Source cves: CVE-2026-24001 Source advisory: OSV:GHSA-73RR-HH4G-FPGX...
01-numacert (>=1.0.0 <=3.0.0), 12g (>=0.0.15 <=1.0.1) +7558 more potentially affected by CVE-2026-24001 via diff (>=3.0.0 <=3.5.0)
diff NPM version =3.0.0, =1.0.0, =0.0.15, =1.0.4, =5.4.4, =5.4.4, =2.2.1, =1.1.8, =1.0.0, =2.0.0, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =1.8.1 and more Source cves: CVE-2026-24001 Source advisory: SNYK:JS-DIFF-14917201...
02.aula (=1.0.0), 19json-validator (>=0.0.3 <=0.0.4) +3293 more potentially affected by CVE-2026-24001 via diff (>=5.0.0 <=5.2.0)
diff NPM version =5.0.0, =0.0.3, =0.0.1, =0.1.23, =0.1.4, =1.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.6.0 and more Source cves: CVE-2026-24001 Source advisory: SNYK:JS-DIFF-14917201...
Regular Expression Denial of Service
Overview: Affected versions of diff are vulnerable to Regular Expression Denial of Service (ReDoS). This can cause about 10 seconds of matching time for data 48K characters long. Recommendation: Upgrade to 3.5.0 or later. References: WhiteSource Advisory, Snyk Advisory, GitHub Advisory...
01-numacert (>=1.0.0 <=3.0.0), 101 (>=0.3.0 <=0.7.1) +18888 more potentially affected by unknown CVE via diff (>=1.0.1 <=3.4.0)
diff NPM version =1.0.1, =1.0.0, =0.3.0, =0.0.15, =1.0.4, =5.4.4, =5.4.4, =2.2.1, =1.1.8, =1.0.0, =1.0.0, =0.1.0, =0.0.97, =0.0.981 - 3thisistest =3.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H6CH-V84P-W6P9...
CVSTrac Remote Arbitrary Code Execution Exploit
No description provided by source. filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;last; milw0rm.com 2004-08-06...