10 matches found

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-11140

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.3, EPSS 0.00274
Exploits 1, References 5
OSV
added 2025/04/14 7:10 p.m., 9 views

GHSA-6Q87-84JW-CJHP: @sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params

Summary: Unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. Details: SvelteKit tracks...

CVSS 5.4, AI score 5.8, EPSS 0.00274
Exploits 1, References 5
SUSE CVE
added 2023/02/15 5:48 a.m., 2 views

SUSE CVE-2012-1152

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YA...

CVSS 5, AI score 7, EPSS 0.03855
Exploits 0, References 3
OpenVAS
added 2021/07/07 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-2165)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 9.3, EPSS 0.04807
Exploits 2, References 2
Tenable Nessus
added 2020/09/08 12:0 a.m., 37 views

EulerOS Virtualization for ARM 64 3.0.2.0 : PyYAML (EulerOS-SA-2020-1948)

According to the versions of the PyYAML package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary cod...

CVSS 10, AI score 8.3, EPSS 0.04807
Exploits 2, References 3
OSV
added 2020/02/19 4:15 a.m., 1 views

DEBIAN-CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

CVSS 9.8, AI score 7.5, EPSS 0.00416
Exploits 2, References 1
UbuntuCve
added 2020/02/19 4:15 a.m., 32 views

CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

CVSS 9.8, AI score 6.9, EPSS 0.00416
Exploits 2, References 3
OSV
added 2020/02/19 4:15 a.m., 0 views

UBUNTU-CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

CVSS 9.8, AI score 6.9, EPSS 0.00416
Exploits 2, References 4
Prion
added 2020/02/19 4:15 a.m., 23 views

Deserialization of untrusted data

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

CVSS 7.5, AI score 9.4, EPSS 0.04807
Exploits 2, References 4, Affected Software 2
CNVD
added 2018/12/25 12:0 a.m., 3 views

Foxit Quick PDF Library Stack Buffer Overflow Vulnerability

Foxit Quick PDF Library is a PDF SDK (Software Development Kit) from China's Foxit Software Corporation. The product is mainly used to create, render and edit PDF documents. The 'LoadFromFile', 'LoadFromString' and 'LoadFromStream' functions in Foxit Quick PDF Library contain a...

CVSS 7.8, AI score 8.1, EPSS 0.44944
Exploits 0, References 1