GHSA-95H2-GJ7X-GX9W Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()

EVIDENCE | Disclosed to Vercel H1 | 2026-03-22 no response after 12 days | | Cross-reported here | 2026-04-03 | --- Summary useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol functio...

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function though the usage of HtmlEntityHex and HtmlEntityDec RegExp. An attacker can inject malicio...

Incomplete List of Disallowed Inputs

Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function though the usage of HtmlEntityHex and HtmlEntityDec RegExp. An attacker can inject malicious URIs into the...

CVE-2026-39315 Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()

Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol function in packages/unhead/src/plugins/safe.ts decodes HTML...

CVE-2026-39315

Unhead (document head/template manager) contains a vulnerability in useHeadSafe() where hasDangerousProtocol() decodes HTML entities before blocked-scheme checks. The decoder uses two fixed-width regexes; HTML5 allows leading zeros in numeric character references, and when a padded entity exceeds...

CVE-2026-39315 Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()

Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol function in packages/unhead/src/plugins/safe.ts decodes HTML...

DEBIAN-CVE-2025-14505

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

CVE-2025-14505

The CVE-2025-14505 entry concerns Elliptic’s ECDSA implementation. A fault in the ECDSA signing path occurs when the interim value of k (per RFC 6979 step 3.2) has leading zeros, causing the byte-length of k to be computed incorrectly and truncated. This can allow cryptanalytic leakage of the sec...

CVE-2025-14505 Elliptic Cryptanalysis vulnerability when `k` has leading zeros

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

CVE-2025-14505

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

PT-2026-1743

Name of the Vulnerable Software and Affected Versions Elliptic versions prior to 6.6.2 Description The ECDSA implementation within the Elliptic package produces incorrect signatures when an interim value of k calculated according to step 3.2 of RFC 6979 contains leading zeros, making it susceptib...

EUVD-2021-16395

Malware in sbrugna...

EUVD-2020-0168

Malware in sbrugna...

EUVD-2025-16304

Malicious code in bioql PyPI...

PT-2025-27144 · Unknown · Net::Ip::Lpm

Name of the Vulnerable Software and Affected Versions: Net::IP::LPM version 1.10 Description: The issue arises from the improper consideration of leading zero characters in IP CIDR address strings, potentially allowing attackers to bypass access control based on IP addresses. This confusion can...

CVE-2025-40911

CVE-2025-40911 affects Net::CIDR::Set for Perl versions 0.10–0.13, which misparses IP CIDR strings with leading zeros, allowing potential access-control bypass. Root cause: octal interpretation of leading zeros; Net::CIDR::Set derived code from Net::CIDR::Lite (CVE-2021-47154). Public details poi...

CVE-2025-40911 Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

Address Spoofing

base-x is vulnerable to Address spoofing. The vulnerability is due to improper handling of leading zero bytes during encoding, which allows an attacker to create visually similar addresses and mislead users into sending funds to unintended recipients...

PT-2025-18320 · Base-X · Base-X

Name of the Vulnerable Software and Affected Versions: base-x versions prior to 3.0.11 base-x version 4.0.0 base-x version 5.0.0 Description: The issue allows attackers to potentially deceive users into sending funds to an unintended address. This is achieved through a problem in the base-x encod...

SUSE CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an truncateToN anomaly. This leads to...