413 matches found
Helmet Store Showroom v1.0 - SQL Injection
There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. id: CVE-2022-46071 info: name: Helmet Store Showroom v1.0 - SQL Injection author: Harsh severity: critical description: | There is SQL Injection vulnerability...
CVE-2026-53624
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...
CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...
CVE-2026-53624
CVE-2026-53624 (Fiber Go) : The helmet middleware fails to set the Strict-Transport-Security header before version 3.4.0 because it checks c.Protocol() for
CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect protocol check in the helmet middleware, which fails to set the Strict-Transport-Security header even when configured. An attacker can intercept and manipulate network...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect protocol check in the helmet middleware, which fails to set the Strict-Transport-Security header even when configured. An attacker can intercept and manipulate network...
GHSA-GV83-GQW6-9J2C GoFiber never set HSTS header in helmet middleware due to incorrect protocol check
Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...
GoFiber never set HSTS header in helmet middleware due to incorrect protocol check
Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...
PT-2026-56054
Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.4.0 Description The helmet middleware in the Fiber web framework fails to set the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is configured. This occurs because the logic in...
EUVD-2025-178556
Malicious code in helmet-radiant-babel-dorado npm...
EUVD-2025-177414
Malicious code in orbit-publish-dynamo-helmet npm...
EUVD-2025-179544
Malicious code in cosmicray-ursa-helmet-deneb npm...
EUVD-2025-176365
Malicious code in singularity-restart-helmet-auriga npm...
Malicious code in helmet-terser-isostasy-nova (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6d590435965fd0d4709f2a296b53d67c019e8b303be67e195da8cf4cba2cfc9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178554
Malicious code in helmet-sagitta-saturnology-element-ui npm...
EUVD-2025-179560
Malicious code in corvus-biohacking-helmet-pm2 npm...
EUVD-2025-178521
Malicious code in higgs-markdown-pdf-kaus-helmet npm...
EUVD-2025-176844
Malicious code in quasar-helmet-metabolomics-node-config npm...
EUVD-2025-177906
Malicious code in meissa-steganography-helmet-yaml npm...