33 matches found
Astra Linux - vulnerability in node-ini
This affects the package ini before version 1.3.6. If an attacker submits a malicious INI file to an application that parses it using ini.parse, they will corrupt the prototype within the application. This can be further exploited depending on the context...
RSEC-2026-0 Cross-site Request Forgery (CSRF) vulnerability
The widgetframe R package is exposed to a vulnerability due to its use of the Pym.js library version 1.3.1. This can result in arbitrary JavaScript code execution...
CVE-2026-2391
Summary: The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
EUVD-2026-3274
Malicious code in viem-js npm...
EUVD-2025-114811
Malicious code in csrf-uglify-js-library-procyon npm...
EUVD-2025-5079
Malicious code in bioql PyPI...
EUVD-2023-0664
Malicious code in bioql PyPI...
EUVD-2023-0694
Malicious code in bioql PyPI...
EUVD-2022-7026
Malicious code in bioql PyPI...
CVE-2025-48370
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-48370
CVE-2025-48370 affects the auth-js library (Supabase Auth). Before 2.69.1, functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require UUIDs for user-controlled inputs, enabling potential URL path traversal and invocation of the wrong API function. The issue ta...
PT-2025-23011 · Auth-Js · Auth-Js
Name of the Vulnerable Software and Affected Versions: auth-js versions prior to 2.69.1. Description: The issue concerns the auth-js library, an isomorphic JavaScript library for Supabase Auth. Prior to version 2.69.1, certain library functions such as getUserById, deleteUser, updateUserById,...
Linux Distros Unpatched Vulnerability : CVE-2023-46233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at...
MAL-2025-1121 Malicious code in facebook-pixel-wordpress-js-lib (npm)
Source: ghsa-malware c3d88b8d260c2076030d62c623d5ba25ef3707962091c0e2a0c124f2610fd37d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-68QG-G787-3RP5 Knwl.js Regular Expression Denial of Service vulnerability
Knwl.js is a JavaScript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are...
AZL-13604 CVE-2023-23936 affecting package nodejs for versions less than 16.19.1-1
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect the host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...
Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vqfx-gj96-3w95. This link is maintained to preserve external references. Original Description: Due to improper parameter filtering in the sequelize js library, an attacker can perform injection...
CVE-2023-22579
Due to improper parameter filtering in the sequelize js library, an attacker can perform injection...
CVE-2023-22578
Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections...
PT-2023-18565 · Sequelize · Sequelize
Name of the Vulnerable Software and Affected Versions: sequelize js library (affected versions not specified). Description: The issue is related to improper input filtering in the sequelize js library, which can lead to sensitive information disclosure when malicious queries are executed...