407 matches found
karma-runner (=6.4.5), moment-om (=2.30.3) potentially affected by unknown CVE via get-package-lint (=0.1.0)
get-package-lint NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on get-package-lint and may be impacted: - karma-runner =6.4.5 - moment-om =2.30.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4572...
CVE-2026-44903 vulnerabilities
Vulnerabilities for packages: jaeger, minio-object-browser, tempo, telegraf, prometheus, amazon-cloudwatch-agent-operator, karma, mc, loki, minio, datadog-agent, opentelemetry-collector, splunk-otel-collector, cloud-sql-proxy, metrics-server, prometheus-pushgateway, fluent-bit-plugin-loki,...
CVE-2026-40179 vulnerabilities
Vulnerabilities for packages: jaeger, minio-object-browser, tempo, telegraf, prometheus, karma, mc, loki, minio, datadog-agent, splunk-otel-collector, minio-operator, cloud-sql-proxy, prometheus-pushgateway, trillian, istio, keda, mcp-grafana, node-problem-detector, certificate-transparency...
GHSA-VFFH-X6R8-XX99 vulnerabilities
Vulnerabilities for packages: jaeger, minio-object-browser, tempo, telegraf, prometheus, karma, mc, loki, minio, datadog-agent, splunk-otel-collector, minio-operator, cloud-sql-proxy, prometheus-pushgateway, trillian, istio, keda, mcp-grafana, node-problem-detector, certificate-transparency...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: nodetaint-fips, aws-iam-authenticator, polaris-fips, commercial-chainloop-backend, kube-logging-logging-operator, sealed-secrets-fips, sftpgo-plugin-eventsearch, newrelic-infra-operator, ingress-nginx-controller, dkron, victorialogs-fips, eks-node-monitoring-agent,...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: nodetaint-fips, aws-iam-authenticator, polaris-fips, commercial-chainloop-backend, kube-logging-logging-operator, sealed-secrets-fips, sftpgo-plugin-eventsearch, newrelic-infra-operator, ingress-nginx-controller, dkron, victorialogs-fips, eks-node-monitoring-agent,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...
CLEANSTART-2026-OH74241 Security fixes for GHSA-MQQF-5WVP-8FH8 applied in versions: 0.122-r0
Security vulnerability affects the karma-fips package. This issue is resolved in later releases. See references for vulnerability details...
CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
UBUNTU-CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236
CVE-2026-25236 affects the PEAR PHP framework. The vulnerability is a SQL injection risk in karma queries caused by unsafe literal substitution for an IN (...) list. Root cause: unsafe literal handling in Karma DAMBLAN-related queries prior to version 1.33.0. Impact: potential SQL injection. Miti...
CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
EUVD-2026-5199
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
PT-2026-6285
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2020-7626
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument...