CVE-2019-11404

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts for compiling and building the published JARs over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack...

EUVD-2022-6168

Malicious code in bioql PyPI...

EUVD-2022-1878

Malicious code in bioql PyPI...

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects

Note Reclarification of https://huntr.dev/bounties/6d9fd2bf-39e4-4291-b228-30f131b9ccdc/ Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM atta...

CVE-2020-26976

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing. This vulnerability affects Firefox 84...