Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1092

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01025EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1089

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00962EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1251

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00744EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.4 views

PT-2024-4061

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.8 Description: The issue is related to improper user input sanitization passed to fields and tables when using nestTables, leading to Prototype Pollution. This can allow a remote attacker to implement a Prototype...

8.5CVSS7.7AI score0.03114EPSS
Exploits0References17
vulnersOsv
vulnersOsv
added 2024/04/23 6:30 a.m.3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8622 more potentially affected by CVE-2024-21511 via mysql2 (>=0.11.8 <=3.9.6)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21511 Source advisory: OSV:GHSA-4RCH-2FH8-94VW...

9.8CVSS7.7AI score0.01025EPSS
Exploits0
CNNVD
CNNVD
added 2024/04/23 12:0 a.m.3 views

mysql2 安全漏洞

MySQL2 is a MySQL client for Node.js by Andrey Sidorov, a personal developer. A security vulnerability exists in mysql2 2 versions prior to 3.9.7, which originates from an arbitrary code injection via an incorrect cleanup of the timezone parameter in the readCodeFor function by calling the native...

9.8CVSS7.6AI score0.01025EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/04/21 11:12 a.m.3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +5447 more potentially affected by CVE-2024-21511 via mysql2 (>=3.0.0-rc.1 <=3.9.6)

mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21511 Source advisory: SNYK:JS-MYSQL2-6670046...

9.8CVSS7.7AI score0.01025EPSS
Exploits0
Snyk
Snyk
added 2024/04/21 11:12 a.m.1 views

Arbitrary Code Injection

Overview mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...

9.8CVSS7.1AI score0.01025EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/04/11 6:30 a.m.4 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8621 more potentially affected by CVE-2024-21508 via mysql2 (>=0.11.8 <=3.9.3)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21508 Source advisory: OSV:GHSA-FPW7-J2HG-69V5...

9.8CVSS7.7AI score0.02554EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/04/10 3:30 p.m.3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8620 more potentially affected by CVE-2024-21507 via mysql2 (>=0.11.8 <=3.9.2)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21507 Source advisory: OSV:GHSA-MQR2-W7WJ-JJGR...

6.5CVSS6.5AI score0.00744EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/04/10 3:30 p.m.4 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8621 more potentially affected by CVE-2024-21509 via mysql2 (>=0.11.8 <=3.9.3)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21509 Source advisory: OSV:GHSA-49J4-86M8-Q2JW...

6.5CVSS6.5AI score0.00962EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.2 views

PT-2024-18922 · Mysql2 · Mysql2

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.3 Description: The issue is related to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted...

6.9CVSS6.3AI score0.00744EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.5 views

MySQL2 安全漏洞

MySQL2 is a MySQL client for Node.js by the individual developer Andrey Sidorov. A security vulnerability exists in MySQL2 versions prior to 3.9.4 that stems from improper cleaning of user input...

6.5CVSS6.3AI score0.00962EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.3 views

PT-2024-18923 · Mysql2 · Mysql2

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.4 Description: The issue is related to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text parser.js and binary parser.js...

6.9CVSS6.2AI score0.00962EPSS
Exploits1References13
vulnersOsv
vulnersOsv
added 2024/04/08 9:29 a.m.3 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +5440 more potentially affected by CVE-2024-21507 via mysql2 (>=3.0.0-rc.1 <=3.9.2)

mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21507 Source advisory: SNYK:JS-MYSQL2-6591300...

6.5CVSS6.5AI score0.00744EPSS
Exploits1
Snyk
Snyk
added 2024/04/08 9:29 a.m.2 views

Use of Web Browser Cache Containing Sensitive Information

Overview mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon...

6.5CVSS6.8AI score0.00744EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2024/04/07 4:57 p.m.5 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +5444 more potentially affected by CVE-2024-21508 via mysql2 (>=3.0.0-rc.1 <=3.9.3)

mysql2 NPM version =3.0.0-rc.1, =1.0.0, =0.0.4, =0.0.1, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.4, =0.0.1-alpha.1, =0.1.6-alpha.2, =0.0.8, =0.0.166 and more Source cves: CVE-2024-21508 Source advisory: SNYK:JS-MYSQL2-6591085...

9.8CVSS7.7AI score0.02554EPSS
Exploits0
Snyk
Snyk
added 2024/04/03 5:3 p.m.2 views

Prototype Poisoning

Overview mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and...

6.5CVSS7.2AI score0.00962EPSS
Exploits1References2
Rows per page
Query Builder