Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the magick -distribute-cache process. An attacker can cause a heap buffer overwrite in the server process by connecting to the service. Remediation A fix was pushed into the master branch but not yet...

Insufficient Session Expiration

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Buffer.alloc family in lib/setup-sandbox.js. An attacker can crash t...

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL process. An attacker can access sensitive internal resources and exfiltrate data by supplying a crafted URL...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the loadpnm process. An attacker can cause a heap buffer overflow by supplying a crafted PNM/PGM/PPM file with large dimension values that trigger an integer overflow during size computation, leading to...

Integer Overflow or Wraparound

Overview github.com/apache/thrift/lib/go/thrift is a Go implementation of the Apache Thrift library. Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the TFramedTransport function on 32-bit architectures. An attacker...

Incorrect Authorization

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization through the Feishu card-action callback process. An attacker can bypass intended policy restrictions by crafting a...

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the Twig sandbox security policy, which permits database write operations even when safe mode is enabled. An attacker with Developer permissions can modify, insert, or delete data in any database...

Improper Validation of Specified Index, Position, or Offset in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes small buf or large offset. This inconsistency allows silent partial writes into...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' while handling a specially crafted XML Schema Definition XSD validated document containing an internal entity reference. An attacker can cause the application to crash by...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the FX expression parser. An attacker can cause the application to crash by supplying a deeply nested expression. Remediation A fix was pushed into the master branch but not yet published. References - GitHub...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the XMP profile handling process. An attacker can cause a crash by providing a specially crafted image file that triggers the reading and printing of values from an invalid XMP profile. Remediation A fix was pushed int...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the DestroyXMLTree function. An attacker can cause the application to exhaust stack memory and terminate unexpectedly by submitting an XML file with deeply nested structures. Remediation A fix was pushed into t...

Improper Encoding or Escaping of Output

Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the Log4j1XmlLayout plugin. An attacker can cause log events to be silently lost or downstream log processing systems to drop ...

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read in the MatchDomainName function during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. An attacker can cause a crash by supplying a crafted hostname that exhausts the entire string, resulting ...

Arbitrary Command Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the Bash.run method in metagpt/tools/libs/terminal.py. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation A...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GraphQL API when a large number of mutations or queries are included in a single request using aliases or by chaining multiple mutations. An attacker can cause excessive...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the dolayersurface process when pixel index values from decoded XCF tile data are used directly as colormap indices without validation against the colormap size. An attacker can cause heap out-of-bounds reads and...

Server-side Request Forgery (SSRF)

Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Wiro media-generate plugin. An attacker can access internal network resources and exfiltra...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation A...