325 matches found
CVE-2025-68278
CVE-2025-68278 affects tinacms prior to 3.1.1, where insecure use of the gray-matter package allows attackers who can control markdown front matter (e.g., blog posts) to execute arbitrary code. The issue spans tinacms, @tinacms/cli (v2.0.4), and @tinacms/graphql (v2.0.3). A fix is available in ti...
CVE-2025-68278 tinacms vulnerable to arbitrary code execution
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...
PT-2025-52257
Name of the Vulnerable Software and Affected Versions: Tina versions prior to 3.1.1. Description: Tina is a headless content management system. Versions of Tina prior to 3.1.1 improperly utilize the gray-matter package, potentially allowing attackers who control the content of markdown files, such as...
TinaCMS code injection vulnerability
TinaCMS is an open source headless CMS for Markdown, MDX and JSON from Tina Open Source. A code injection vulnerability exists in TinaCMS versions prior to 3.1.1, which stems from improper use of the gray-matter package and could lead to the execution of arbitrary code...
CVE-2025-65108
md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains a JavaScript delimiter causes the JS engine in the gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...
CVE-2025-65108
CVE-2025-65108 affects the md-to-pdf CLI (Markdown to PDF) where parsing front matter with a JavaScript delimiter can trigger the gray-matter JS engine to execute arbitrary code during the conversion process, enabling remote code execution. This vulnerability exists in versions prior to 5.2.5 and...
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter
Summary: A Markdown front-matter block that contains a JavaScript delimiter causes the JS engine in the gray-matter library to execute arbitrary code in the Markdown to PDF converter process of the md-to-pdf library, resulting in remote code execution. Details: md-to-pdf uses the gray-matter library to parse...
GHSA-547R-QMJM-8HVW md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter
Summary: A Markdown front-matter block that contains a JavaScript delimiter causes the JS engine in the gray-matter library to execute arbitrary code in the Markdown to PDF converter process of the md-to-pdf library, resulting in remote code execution. Details: md-to-pdf uses the gray-matter library to parse...
OSV-2025-906 Use-of-uninitialized-value in QImage::pixel
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=461199967 Crash type: Use-of-uninitialized-value Crash state: QImage::pixel XCFImageFormat::copyGrayAToRGB XCFImageFormat::copyLayerToImage...
EUVD-2025-120013
Malicious code in sillywhippetgray-50 npm...
EUVD-2025-117467
Malicious code in cooing-gray-eagle npm...
EUVD-2025-117522
Malicious code in active-gray-dolphin npm...
EUVD-2025-117018
Malicious code in ugliest-gray-wallaby npm...
MAL-2025-138635 Malicious code in cooing-gray-eagle (npm)
Source: amazon-inspector ee4e04041645ccefea1a7b4557022e36c1affbe69091836280e14d0184b2b7a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117420
Malicious code in elated-gray-marten npm...
EUVD-2025-117003
Malicious code in victorious-gray-stingray npm...
Malicious code in elderly-gray-spoonbill (npm)
Source: amazon-inspector 96b959c5c17ab2c8ba4b992d3d10b18349b5b9d3e8a7f7a4fc3134853c0959c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117198
Malicious code in obliged-gray-donkey npm...
Malicious code in obliged-gray-donkey (npm)
Source: amazon-inspector b04fe894ddc20327b2fb3e7036c84fe23114a4183385c745608ac91feb4a2778 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in elated-gray-marten (npm)
Source: amazon-inspector 0c32a771f61d8884dd839eb457a9126fe4d205325bf194b113122900c6b8a5cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...