CVE-2026-27953

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

Uncontrolled Recursion

express-xss-sanitizer is vulnerable to uncontrolled recursion. The vulnerability is due to an unbounded recursion depth in the sanitize function in lib/sanitize.js when processing a JSON request body, which allows an attacker to cause a denial of service by triggering infinite recursion...

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

PT-2025-37434

Name of the Vulnerable Software and Affected Versions express-xss-sanitizer versions through 2.0.0 Description The express-xss-sanitizer package contains an unbounded recursion depth in the sanitize function located in lib/sanitize.js when processing a JSON request body. Recommendations Update to...