93 matches found
Inefficient Algorithmic Complexity
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...
AZL-76931 CVE-2025-58190 affecting package docker-buildx 0.14.0-8
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
Security update for git-bug (moderate)
openSUSE Security Update: Security update for git-bug Announcement ID: openSUSE-SU-2025:0418-1 Rating: moderate References: 1251463 1251664 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...
EUVD-2022-2622
Malicious code in bioql PyPI...
EUVD-2022-2066
Malicious code in bioql PyPI...
EUVD-2022-3747
Malicious code in bioql PyPI...
EUVD-2022-2438
Malicious code in bioql PyPI...
EUVD-2022-0070
Malicious code in bioql PyPI...
EUVD-2022-4626
Malicious code in bioql PyPI...
MAL-2025-28613 Malicious code in outer-html (npm)
The package outer-html was found to contain malicious code...
CVE-2022-42044
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...
CVE-2022-41385
The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...
golang.org/x/net/html: Cross site scripting
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...
golang.org/x/net/html: Cross site scripting
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...
golang.org/x/net/html: Cross site scripting
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...
golang.org/x/net/html: Cross site scripting
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...
golang.org/x/net/html: Cross site scripting
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...
CVE-2023-3978
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...
SUSE CVE-2018-17075
The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...