6 matches found

Github Security Blog, added 2024/02/21 2:54 a.m.

agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact: The library offers a function to generate an Ed25519 key pair via `Ed25519KeyIdentity.generate`, with an optional parameter for a 32-byte seed value, which is then used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

CVSS 9.1 | AI score 6.7 | EPSS 0.01735
Exploits: 1 | References: 7 | Affected software: 2
OSV, added 2024/01/03 9:29 p.m.

GHSA-C9V7-WMWJ-VF6X Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access

Withdrawn advisory: This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. Original description: Impact: An attacker that...

AI score 6.8
Exploits: 0 | References: 4
Github Security Blog, added 2023/10/26 8:53 p.m.

browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack

Summary: An upper-bound check issue in the dsaVerify function allows an attacker to construct signatures that are successfully verified by any public key, leading to a signature forgery attack. Details: In the dsaVerify function, it checks whether the value of the signature is legal by calling...

CVSS 7.5 | AI score 6.7 | EPSS 0.00527
Exploits: 0 | References: 8 | Affected software: 1
OSV, added 2022/09/16 7:26 p.m.

GHSA-9XGJ-FCGF-X6MW Poetry Argument Injection can lead to Local Code Execution

Observation: When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input, e.g. the repository URL. When building the commands, Poetry correctly avoids command injection...

CVSS 8.6 | AI score 7.8 | EPSS 0.0072
Exploits: 1 | References: 7
Github Security Blog, added 2022/09/16 7:26 p.m.

Poetry Argument Injection can lead to Local Code Execution

Observation: When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input, e.g. the repository URL. When building the commands, Poetry correctly avoids command injection...

CVSS 7.3 | AI score 7.8 | EPSS 0.0072
Exploits: 1 | References: 7 | Affected software: 1
Github Security Blog, added 2021/10/19 3:28 p.m.

Specification non-compliance in JUMPI

Impact: In evm crate 0.31.0, the JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Patches: This is a high severity security advisory if you use the evm crate for...

CVSS 9.8 | AI score 9.4 | EPSS 0.00334
Exploits: 0 | References: 4 | Affected software: 1
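The ordering difference described above is small in code but is a consensus issue: a program that executes `JUMPI` with a zero condition and a garbage destination halts normally on Geth and OpenEthereum, and raises an exceptional halt on an implementation that validates the destination first. The following added example is not the evm crate's code (that crate is Rust; JavaScript is used to keep one language across this page). It is a constructed minimal interpreter with just `PUSHn`, `JUMPDEST`, `JUMPI` and `STOP`, carrying both orderings so the divergence can be observed on hand-written bytecode. Gas accounting and every other opcode are deliberately omitted.

```javascript
// Added example, not the evm crate's code: a tiny EVM subset with the spec-compliant and the
// buggy JUMPI orderings side by side.
const OP = { STOP: 0x00, JUMPI: 0x57, JUMPDEST: 0x5b, PUSH1: 0x60, PUSH32: 0x7f };

// Valid jump targets are JUMPDEST bytes that are not inside PUSH immediate data,
// so the scan must skip over each push's payload.
function validJumpDests(code) {
  const dests = new Set();
  for (let pc = 0; pc < code.length; pc++) {
    const op = code[pc];
    if (op === OP.JUMPDEST) dests.add(pc);
    else if (op >= OP.PUSH1 && op <= OP.PUSH32) pc += op - OP.PUSH1 + 1;
  }
  return dests;
}

// Spec order (Geth, OpenEthereum): the destination is validated only when the jump is taken.
// Returns the new pc, or null to fall through to pc + 1.
function jumpiCompliant(dest, cond, dests) {
  if (cond === 0) return null;
  if (!dests.has(dest)) throw new Error('invalid jump destination');
  return dest;
}

// Order described in the advisory: destination validated before the condition is consulted,
// so a not-taken jump with a bad destination is (wrongly) an exceptional halt.
function jumpiBuggy(dest, cond, dests) {
  if (!dests.has(dest)) throw new Error('invalid jump destination');
  return cond === 0 ? null : dest;
}

function execute(code, jumpi) {
  const dests = validJumpDests(code);
  const stack = [];
  let pc = 0;
  let steps = 0;
  try {
    while (pc < code.length) {
      if (++steps > 10000) throw new Error('step limit'); // stands in for gas in this toy
      const op = code[pc];
      if (op === OP.STOP) return { status: 'stop', pc };
      if (op >= OP.PUSH1 && op <= OP.PUSH32) {
        const n = op - OP.PUSH1 + 1;
        let value = 0; // toy: immediates are kept as JS numbers, fine for the short pushes used here
        for (const byte of code.slice(pc + 1, pc + 1 + n)) value = value * 256 + byte;
        stack.push(value);
        pc += 1 + n;
        continue;
      }
      if (op === OP.JUMPDEST) { pc++; continue; }
      if (op === OP.JUMPI) {
        if (stack.length < 2) throw new Error('stack underflow');
        const dest = stack.pop();   // destination is the top of stack
        const cond = stack.pop();   // condition sits beneath it
        const target = jumpi(dest, cond, dests);
        pc = target === null ? pc + 1 : target;
        continue;
      }
      throw new Error(`unsupported opcode 0x${op.toString(16)}`);
    }
    return { status: 'stop', pc }; // running off the end of code is an implicit STOP
  } catch (err) {
    return { status: 'exception', reason: err.message, pc };
  }
}

module.exports = { OP, validJumpDests, jumpiCompliant, jumpiBuggy, execute };
```

The decisive input is `PUSH1 0x00, PUSH1 0xff, JUMPI, STOP`: condition zero, destination pointing outside the code. A compliant node reports a normal stop; the buggy order reports an exceptional halt, which changes the transaction's outcome and therefore the state root.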