371 matches found
CVE-2025-45526
A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of the textual content it processes in HTML elements with the microlight class. When excessively large content (e.g., 100...
CVE-2025-45526
The CVE-2025-45526 entry concerns microlight v0.0.7, where the reset function in microlight.js can consume excessive memory/CPU when processing extremely large content in elements with the microlight class. This can lead to browser crashes or unresponsiveness, effectively a DoS, with exploitation...
brace-expansion Security Vulnerability
brace-expansion is a JavaScript library for brace expansion by the individual developer Julian Gruber. A security vulnerability exists in brace-expansion version 1.1.11 and earlier, which stems from inefficient regular expression complexity in the expand function...
CVE-2025-48370
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2024-38989
izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2021-41167
modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions, a bug affects two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they...
Malicious code in js-lib-const (npm)
Source: ghsa-malware 02a729f8e6b9c15dea0d5d98728a6fa1585580d7c06587bd998cfb8e8a17760b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-9416
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions = 5.0.36 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...
expand-object Security Vulnerability
expand-object is a library by the individual developer Jon Schlinkert that uses simple symbols to expand strings into JavaScript objects. A security vulnerability exists in expand-object that stems from prototype pollution in the expand function...
CVE-2024-9416 Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library
The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions = 5.0.36 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...
Linux Distros Unpatched Vulnerability : CVE-2024-28243
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...
Linux Distros Unpatched Vulnerability : CVE-2024-28246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain...
Linux Distros Unpatched Vulnerability : CVE-2024-28244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...
CVE-2025-23207
A flaw was found in the KaTeX library. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript or generates invalid HTML. Mitigation: Users unable to upgrade should turn off the trust option or set ...
CVE-2025-23207 \htmlData does not validate attribute names in KaTeX
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...
ROS-20241209-04
A vulnerability in DOMPurify, a JavaScript library for securely sanitizing HTML, stems from flaws in the validation of input data that carries signs of an XSS attack. Exploitation of the vulnerability could allow a remote attacker to perform a cross-site scripting attack...
GHSA-JCXM-7WVP-G6P5 Modified package published to npm, containing malware that exfiltrates private key material
Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from...
CVE-2024-54134
A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...
CVE-2020-26306
Knwl.js is a JavaScript library that parses text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are...
CVE-2024-30875
Cross-Site Scripting vulnerability in the JavaScript library jquery-ui v1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component...