105 matches found
CVE-2023-30792
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources...
CVE-2025-32792 ses's global contour bindings leak into Compartment lexical scope
SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that hav...
GHSA-H9W6-F932-GQ62 ses's global contour bindings leak into Compartment lexical scope
Impact Web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used const, let, and class bindings in the top-level scope of a tag will have inadvertently revealed these bindings in the lexical scope...
Malicious code in eslint-plugin-lexical (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 760c1ce48f24649d849a333e359e0a3f348f36df412163d82b89e8fc552625f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2670 Malicious code in eslint-plugin-lexical (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 760c1ce48f24649d849a333e359e0a3f348f36df412163d82b89e8fc552625f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in lexical-esm-nextjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 808bb38341306bbd08d655abd9928c5cf279412658db15774579d78f195f5a39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-X8JH-XJ3X-GX3C `fast-float` has multiple soundness issues
fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...
Multiple soundness issues
fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...
BrandoCulqi (=1.0.1), IMAPServer (=0.1.0) +2299 more potentially affected by unknown CVE via lexical-core (>=0.1.3 <=0.8.5)
lexical-core CARGO version =0.1.3, =1.0.0, =1.0.1, =0.10.0-dev0, =0.2.0, =0.1.0, =0.2.0, =0.1.1, =0.5.1, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2326-PFPJ-VX3H...
lexical-core has multiple soundness issues
RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...
GHSA-2326-PFPJ-VX3H lexical-core has multiple soundness issues
RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference due to an erroneous lexical scope of this with eval. An attacker can cause a denial of service or potentially execute arbitrary code by triggering a NULL pointer dereference. PoC c function foo function Bar clas...
CVE-2023-48183
QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...
CVE-2023-48183
QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...
CVE-2023-48183
QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...
UBUNTU-CVE-2023-48183
QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...
QuickJS 安全漏洞
QuickJS is a small and embeddable Javascript engine. A security vulnerability exists in versions of QuickJS prior to c4cdd61, which stems from a lexical scoping error in this with eval, resulting in a null pointer dereference vulnerability...
CVE-2023-48183
QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...
CVE-2023-48183
QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...
CVE-2023-48183
CVE-2023-48183 affects QuickJS prior to commit c4cdd61. The vulnerability stems from an erroneous lexical scope of the value of this with eval, causing a NULL pointer dereference in build_for_in_iterator. Documented impact includes possible crashes/denial of service and potential arbitrary code e...