
4 matches found

vulnersOsv
added 2026/03/20 12:0 p.m., 3 views

GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3229 more potentially affected by unknown CVE via tokio-executor (>=0.1.10 <=0.2.0-alpha.6)

tokio-executor CARGO version =0.1.10, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 - acme-lib-load-order =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0063...

AI score 5.5
Exploits 0
Snyk
added 2026/02/05 9:33 p.m., 4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: @nyariv/sandboxjs is a JavaScript sandboxing library. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition in addOps and other methods in executor.ts, which do not enforce the type of property keys. An attacker can execute arbitrary code on...

CVSS 10, AI score 6.2, EPSS 0.00489
Exploits 1, References 2
Veracode
added 2025/08/14 7:46 a.m., 5 views

Prototype Pollution

@nyariv/sandboxjs is vulnerable to prototype pollution. The vulnerability is due to insufficient prototype access checks in the sandbox’s executor logic, particularly when handling JavaScript function objects, which allows an attacker to inject arbitrary properties into Object.prototype...

CVSS 7, AI score 7, EPSS 0.00195
Exploits 0, References 6, Affected Software 1
Snyk
added 2022/02/13 11:25 a.m., 2 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the ActionDispatch::Executor function, which expects response bodies to be closed and will not know to reset a thread's local state for the next request in a case where a response body isn't closed, allowing for...

CVSS 7.4, AI score 6.6, EPSS 0.02207
Exploits 0, References 2