22 matches found

NVD
added 2026/04/23 2:16 a.m. | 1 view

CVE-2026-41182

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When ...

CVSS 5.3 | EPSS 0.00039 | Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-8397

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.00668 | Exploits 1 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-0509

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.2 | EPSS 0.00389 | Exploits 0 | References 4

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in metal-js-client (npm)

The package metal-js-client was found to contain malicious code...

AI score 7 | Exploits 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in contentchef-management-js-client (npm)

The package contentchef-management-js-client was found to contain malicious code...

AI score 7 | Exploits 0

RedhatCVE
added 2025/02/06 1:20 a.m. | 6 views

CVE-2022-21671

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

CVSS 8.1 | AI score 6.2 | EPSS 0.00389 | Exploits 0 | References 1

CVE
added 2024/12/04 3:20 p.m. | 4196 views

CVE-2024-54134

CVE-2024-54134 affects the Solana JavaScript library solana/web3.js, specifically versions 1.95.6 and 1.95.7. A publish-access account was compromised, enabling attackers to publish unauthorized malicious packages that could exfiltrate private key material and drain funds from dapps that handle p...

CVSS 8.3 | AI score 6.5 | EPSS 0.00329 | Exploits 0 | References 1

CNNVD
added 2024/10/08 12:0 a.m. | 2 views

SAP HANA security vulnerability

SAP HANA is a high-performance real-time data analytics platform from the German company SAP. The platform provides data query functions that let users query and analyze real-time business data. An input validation error vulnerability exists in the SAP HANA Node.js client, which ste...

CVSS 4.3 | AI score 6.8 | EPSS 0.00322 | Exploits 0 | References 5

OSSF Malicious Packages
added 2024/08/07 11:58 p.m. | 1 view

Malicious code in advertising-api-javascript-client (npm)

Source: ghsa-malware e3299e8d083575625b432f2781c5a613ffd086315798fc9dcf413612f98193b1. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9 | Exploits 0 | References 1

Tenable Nessus
added 2023/05/30 12:0 a.m. | 28 views

GLSA-202305-36 : Mozilla Thunderbird: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-36 Mozilla Thunderbird: Multiple Vulnerabilities - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily...

CVSS 8.8 | AI score 7.8 | EPSS 0.00602 | Exploits 2 | References 38

NVD
added 2022/11/29 11:15 p.m. | 8 views

CVE-2022-46155

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

CVSS 7.6 | EPSS 0.00196 | Exploits 0 | References 3

Prion
added 2022/11/29 11:15 p.m. | 13 views

Design/Logic Flaw

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

CVSS 4.3 | AI score 6.3 | EPSS 0.00196 | Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2022/11/29 12:0 a.m. | 13 views

CVE-2022-46155 Airtable.js credentials exposed in browser builds

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

CVSS 7.6 | AI score 7.7 | EPSS 0.00196 | Exploits 0 | References 3

OSV
added 2022/11/29 12:0 a.m. | 14 views

CVE-2022-46155 Airtable.js credentials exposed in browser builds

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

CVSS 7.6 | AI score 6.8 | EPSS 0.00196 | Exploits 0 | References 5

CVE
added 2022/11/29 12:0 a.m. | 58 views

CVE-2022-46155

Summary: CVE-2022-46155 describes a misconfiguration in Airtable.js prior to 0.11.6 where the build script would bundle AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL into the transpiled bundle when building from source. This affects copies built from source (not npm/yarn-installed packages) if the u...

CVSS 7.6 | AI score 6.5 | EPSS 0.00196 | Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2022/11/29 12:0 a.m. | 2 views

Airtable.js security vulnerability

Airtable.js is Airtable's open-source JavaScript client, which provides a simple way to access data. A misconfiguration vulnerability exists in Airtable.js versions prior to 0.11.6 that stems from a misconfiguration in a script that binds environment variables to the build target of a...

CVSS 7.6 | AI score 6.5 | EPSS 0.00196 | Exploits 0 | References 4

Prion
added 2022/04/22 3:15 p.m. | 13 views

Code injection

An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker...

CVSS 4.3 | AI score 6.8 | EPSS 0.00181 | Exploits 0 | References 1

CNVD
added 2022/01/13 12:0 a.m. | 21 views

crosis information leakage vulnerability

crosis is a JavaScript client that uses the Replit container protocol. crosis is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain a token used to connect to Repl...

CVSS 8.1 | AI score 1.1 | EPSS 0.00389 | Exploits 0 | References 1

OSV
added 2022/01/11 3:5 p.m. | 14 views

CVE-2022-21671 Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

CVSS 8.1 | AI score 7.1 | EPSS 0.00389 | Exploits 0 | References 4

Cvelist
added 2022/01/11 3:5 p.m. | 12 views

CVE-2022-21671 Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

CVSS 8.1 | AI score 8.1 | EPSS 0.00389 | Exploits 0 | References 2