258 matches found
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the Open function of the file lmdeploy/docs/en/conf.py. An attacker can manipulate the input to execute arbitrary code by crafting malicious input that is processed by this function. Remediation There is...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the component grayfindcell. An attacker can cause a crash of the application by sending specially crafted inputs that trigger a segmentation violation. Remediation A fix was pushed into the master branch but...
GHSA-CF56-G6W6-PQQ2 Twisted vulnerable to HTML injection in HTTP redirect body
Summary The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting XSS in the redirect response HTML body. Details Twisted’s redirectTo functi...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the BerEncoderencodeLength function. Remediation There is no fixed version for libiec61850. References - GitHub Issue...
GHSA-927P-XRC2-X2GJ ansibleguy-webui Cross-site Scripting vulnerability
Impact Multiple forms in version = 0.0.21 References Report GitHub Issue 44...
sagemaker-python-sdk Command Injection vulnerability
Impact The capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module before version 2.214.3 allows for potentially unsafe Operating System OS Command Injection if inappropriate command is passed as the “requirementspath” parameter. This consequently may allow an...
GHSA-7PC3-PR3Q-58VG sagemaker-python-sdk Command Injection vulnerability
Impact The capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module before version 2.214.3 allows for potentially unsafe Operating System OS Command Injection if inappropriate command is passed as the “requirementspath” parameter. This consequently may allow an...
Divide By Zero
Overview Affected versions of this package are vulnerable to Divide By Zero due to the blendtransformedtiledargb.isra.0 function. An attacker can cause the application to crash by triggering a floating point exception. Remediation Upgrade lunasvg to version 2.4.1 or higher. References - GitHub...
GHSA-W5W5-8VFH-XCJQ whoami stack buffer overflow on several Unix platforms
With versions of the whoami crate = 0.5.3 and = 0.5.3 and 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: - Bitrig - DragonFlyBSD - FreeBSD - NetBSD - OpenBSD This occurs because of an incorrect definition of the passwd struct on those platforms...
Express.js Open Redirect in malformed URLs
Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the...
[TagAwareCipher] - Decryption Failure (Regex Match)
Impact Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...
Tinyproxy <= 1.11.1 Information Disclosure Vulnerability
Tinyproxy is prone to an information disclosure vulnerability. CPE = "cpe:/a:banu:tinyproxy"; i...
CVE-2024-26335
swftools v0.9.2 was discovered to contain a segmentation violation via the function statefree at swftools/src/swfc-history.c...
GHSA-VR64-R9QJ-H27F
creationtimestamp | type | source
---|---|---
2024-03-01 18:07:01+00:00 | seen | https://t.me/ctinow/197847
2025-07-16 05:53:12+00:00 | seen | https://gist.github.com/safer-bot/f110a7e84a54d33302d15922e79756bf...
GHSA-PCFX-G2J2-F6F6 Docassemble HTML and javascript injection
Impact A user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The HTML can also contain tags allowing JavaScript to execute on the page. Patches The vulnerability has been patched in version 1.4.97 of the master...
GHSA-7WXF-R2QV-9XWR Docassemble open redirect
Impact It is possible to create a URL that acts as an open redirect. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched. Workarounds If upgrading is not possible, manually apply the changes of 4801ac7 and restart the...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to the improper handling of objects in memory by the std::sharedcount function. An attacker can cause a denial of service by crafting a malicious input. PoC c git clone https://github.com/qpdf/qpdf cd qpdf...
GHSA-9X7F-GWXQ-6F2C Vyper's bounds check on built-in `slice()` function can be overflowed
Summary The bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue...
s2n-quic potential denial of service via crafted stream frames
Impact An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: = v1.30.0. Patches The patch is included in v1.31.0 1. Workarounds There is no workaround. Applications using s2n-quic should upgrade to the most recen...
stellar-strkey vulnerable to panic in SignedPayload::from_payload
Impact Panic vulnerability when a specially crafted payload is used. This is because of the following calculation: rust innerpayloadlen + 4 - innerpayloadlen % 4 % 4 If innerpayloadlen is 0xffffffff, 4 - innerpayloadlen % 4 % 4 = 1 so rust innerpayloadlen + 4 - innerpayloadlen % 4 % 4 = u32::MAX ...