Lucene search

11 matches found

EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2025-11140

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.3, EPSS 0.00251
Exploits 1, References 5

OSV
added 2025/04/14 7:10 p.m., 9 views

GHSA-6Q87-84JW-CJHP @sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params

Summary: Unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. Details: SvelteKit tracks...

CVSS 5.4, AI score 5.8, EPSS 0.00251
Exploits 1, References 5

SUSE CVE
added 2023/02/15 5:48 a.m., 4 views

SUSE CVE-2012-1152

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YA...

CVSS 5, AI score 7, EPSS 0.02426
Exploits 0, References 3

OpenVAS
added 2021/07/07 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-2165)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 9.3, EPSS 0.06031
Exploits 2, References 2

BDU FSTEC
added 2021/06/15 12:0 a.m., 3 views

The vulnerability of the implementation of functions LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly in the PDF handling library “Quick PDF Library” allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the implementations of the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly functions in the PDF handling library is related to the occurrence of operations outside the buffer in memory when processing xref entries. Exploitation of this...

CVSS 10, AI score 8, EPSS 0.01652
Exploits 0, References 4, Affected Software 1

Tenable Nessus
added 2020/09/08 12:0 a.m., 38 views

EulerOS Virtualization for ARM 64 3.0.2.0 : PyYAML (EulerOS-SA-2020-1948)

According to the versions of the PyYAML package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary cod...

CVSS 10, AI score 8.3, EPSS 0.06031
Exploits 2, References 3

OSV
added 2020/02/19 4:15 a.m., 2 views

DEBIAN-CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

CVSS 9.8, AI score 7.5, EPSS 0.05031
Exploits 1, References 1

Prion
added 2020/02/19 4:15 a.m., 26 views

Deserialization of untrusted data

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

CVSS 7.5, AI score 9.4, EPSS 0.06031
Exploits 2, References 4, Affected Software 2

UbuntuCve
added 2020/02/19 4:15 a.m., 33 views

CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

CVSS 9.8, AI score 6.9, EPSS 0.05031
Exploits 1, References 3

OSV
added 2020/02/19 4:15 a.m., 1 views

UBUNTU-CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

CVSS 9.8, AI score 6.9, EPSS 0.05031
Exploits 1, References 4

CNVD
added 2018/12/25 12:0 a.m., 3 views

Foxit Quick PDF Library Stack Buffer Overflow Vulnerability

Foxit Quick PDF Library is a PDF SDK (Software Development Kit) from China's Foxit Software Corporation. The product is mainly used to create, render and edit PDF documents. The 'LoadFromFile', 'LoadFromString' and 'LoadFromStream' functions in Foxit Quick PDF Library contain a...

CVSS 7.8, AI score 8.1, EPSS 0.54492
Exploits 0, References 1