59053 matches found

Veracode
added 2026/01/12 10:40 a.m. | 7 views

Stored Cross-Site Scripting (XSS)

n8n is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sandbox enforcement when the “Respond to Webhook” node returns HTML content with executable scripts, which allows an attacker with workflow creation privileges to execute arbitrary JavaScript in the context...

CVSS 7.3 | AI score 6.1 | EPSS 0.00217
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2026/01/12 10:0 a.m. | 11 views

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to unsafe handling of SPA navigation redirects generated from loaders or actions in certain modes, which allows an attacker to inject untrusted redirect URLs and trigger unintended JavaScript execution on the client...

CVSS 8 | AI score 7.1 | EPSS 0.00327
Exploits: 0 | References: 3 | Affected Software: 2
EUVD
added 2026/01/12 2:2 a.m. | 3 views

EUVD-2026-1973

Malicious code in inquirer-js (npm)...

AI score 6.6
Exploits: 0 | References: 1
EUVD
added 2026/01/12 2:2 a.m. | 4 views

EUVD-2026-1969

Malicious code in immer-js (npm)...

AI score 6.6
Exploits: 0 | References: 1
OSV
added 2026/01/12 1:59 a.m. | 4 views

MAL-2026-222 Malicious code in huggingface-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddd4d756fe7df1a0ac3caf862d744269bc2e1c1b49d8a4e12c702ded81b75dbf The package huggingface-js was found to contain malicious code. Source: ghsa-malware 9240da3d6ad3248bf99f72ea626c3562d3614a363647cad28a5468f16e73b885...

AI score 6.8
Exploits: 0 | References: 1
EUVD
added 2026/01/12 1:59 a.m. | 3 views

EUVD-2026-1978

Malicious code in milvus-js (npm)...

AI score 6.6
Exploits: 0 | References: 1
EUVD
added 2026/01/12 1:59 a.m. | 6 views

EUVD-2026-1979

Malicious code in huggingface-js (npm)...

AI score 6.6
Exploits: 0 | References: 1
EUVD
added 2026/01/12 12:0 a.m. | 5 views

EUVD-2026-1929

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVSS 8.2 | AI score 6.3 | EPSS 0.00255
Exploits: 0 | References: 4
Cvelist
added 2026/01/12 12:0 a.m. | 16 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

EPSS 0.00255
Exploits: 0 | References: 2
CNNVD
added 2026/01/12 12:0 a.m. | 4 views

opencode Security Vulnerability

opencode is an AI programming agent open-sourced by Anomaly. A security vulnerability exists in opencode versions prior to 1.1.10. It stems from the Markdown renderer not sanitizing the LLM response, and could lead to the execution of JavaScript via HTML injection...

CVSS 9.4 | AI score 5.9 | EPSS 0.00914
Exploits: 1 | References: 2
Vulnrichment
added 2026/01/12 12:0 a.m. | 3 views

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

AI score 6.5 | EPSS 0.00255
Exploits: 0 | References: 2
CNNVD
added 2026/01/12 12:0 a.m. | 5 views

Automai Director Security Vulnerability

Automai Director is a centralized automation management console from Automai Corporation. A security vulnerability exists in Automai Director version 25.2.0, which can be exploited by a remote attacker to elevate privileges and gain access to sensitive information via a specially crafted js file...

CVSS 8.2 | AI score 6.5 | EPSS 0.00255
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/12 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-59840

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0,...

CVSS 8.1 | AI score 6.3 | EPSS 0.00334
Exploits: 0 | References: 3
CVE
added 2026/01/12 12:0 a.m. | 13 views

CVE-2025-46067

CVE-2025-46067 affects Automai Director v25.2.0. The issue allows a remote attacker to escalate privileges and access sensitive information via a specially crafted JavaScript file. Evidence from multiple sources confirms the affected product/version and the nature of the impact, described as priv...

CVSS 8.2 | AI score 6.5 | EPSS 0.00255
Exploits: 0 | References: 2 | Affected Software: 1
Packet Storm News
added 2026/01/12 12:0 a.m. | 8 views

InvisibleJS JavaScript Hiding Tool

Welcome to InvisibleJS, an experimental tool for hiding your JavaScript source code in plain sight using zero-width characters. This repository features two distinct versions of the obfuscator, tailored for different execution environments...

AI score 7.2
Exploits: 0
CNNVD
added 2026/01/12 12:0 a.m. | 4 views

Label Studio Access Control Error Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. It provides a simple and clear UI for labeling audio, text, images, video, time series and other data types, and for exporting to a variety of model formats. An access control error vulnerability exists in Label Studio 1.22....

CVSS 8.6 | AI score 5.7 | EPSS 0.00207
Exploits: 1 | References: 3
Positive Technologies
added 2026/01/12 12:0 a.m. | 5 views

PT-2026-2316

Name of the Vulnerable Software and Affected Versions: OpenCode versions prior to 1.1.10. Description: The software is an open source AI coding agent. The markdown renderer used for responses from large language models inserts arbitrary HTML into the Document Object Model (DOM) without sanitization...

CVSS 9.4 | AI score 6.8 | EPSS 0.00914
Exploits: 1 | References: 14
Positive Technologies
added 2026/01/12 12:0 a.m. | 5 views

PT-2026-2274

Name of the Vulnerable Software and Affected Versions: Automai Director version 25.2.0. Description: An issue in Automai Director version 25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information through a crafted js file. Recommendations: At the moment, there is no...

CVSS 8.2 | AI score 6.7 | EPSS 0.00255
Exploits: 0 | References: 6
Tenable Nessus
added 2026/01/12 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-26486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function ha...

CVSS 6.5 | AI score 6.7 | EPSS 0.00775
Exploits: 1 | References: 2
GithubExploit
added 2026/01/11 1:14 p.m. | 154 views

Exploit for CVE-2024-28397

js2py Sandbox Escape CVE-2024-28397 Exploit for execution...

CVSS 5.3 | AI score 6.8 | EPSS 0.04548
Exploits: 22