3 matches found
EUVD-2024-3202
Malicious code in bioql PyPI...
CVE-2025-1022
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...
Arbitrary File Read
Overview @sdscoep/web-review is a npm package which will compile reports consisting of multiple criteria. Affected versions of this package are vulnerable to Arbitrary File Read. It is possible to read arbitrary file by using the "file:///" URI as a url. PoC const webReview =...