23 matches found

CVE
added 3 days ago, 6 views

CVE-2026-42360

Apache Airflow CVE-2026-42360 describes a vulnerability in the rendered-template field handling where nested sensitive-keys (password/token/secret/api_key) could be exposed if the rendered field exceeded max_templated_field_length. The bug occurs because the structure is stringified before redact...

CVSS 6.5, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 3 days ago, 6 views

CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / api_key keys inside a JSON template structure to be bypassed when the rendered field exceeded core max_templated_field_length: Airflow stringified the structure befor...

CVSS 7.5, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 3

Positive Technologies
added 3 days ago, 9 views

PT-2026-45372

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / api_key keys inside a JSON template structure to be bypassed when the rendered field exceeded core max_templated_field_length: Airflow stringified the structure...

AI score 5.8, EPSS 0.00034
Exploits: 0, References: 3

CNNVD
added 3 days ago, 2 views

Apache Airflow information leakage vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained a security vulnerability known as information leakage. This vulnerability...

CVSS 6.5, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 2

Veracode
added 2026/02/02 1:27 p.m., 3 views

Prototype Pollution

deepHas is vulnerable to Prototype Pollution. The vulnerability is due to unsafe handling of nested object keys, where attacker-controlled input can modify properties on JavaScript prototypes, allowing global object behavior to be altered in applications using deephas...

CVSS 9.4, AI score 5.4, EPSS 0.00169
Exploits: 4, References: 2, Affected Software: 1

Veracode
added 2025/11/10 9:2 a.m., 2 views

Prototype Pollution

messageformat is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of nested message keys containing special characters such as __proto__, which allows an attacker to inject arbitrary properties into the global object prototype, potentially leading to denial of service ...

CVSS 7.5, AI score 6.8, EPSS 0.00242
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2025/11/06 4:28 p.m., 3 views

Prototype Pollution

@messageformat/runtime is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of nested message keys during message data processing, which allows an attacker to inject arbitrary properties into the Object prototype and cause denial of service or unexpected...

CVSS 5.3, AI score 6.8, EPSS 0.00131
Exploits: 0, References: 7, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-31065

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.4, EPSS 0.00242
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-31039

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.4, EPSS 0.00131
Exploits: 0, References: 4

RedhatCVE
added 2025/09/25 2:54 a.m., 4 views

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

AI score 6.8, EPSS 0.00242
Exploits: 0, References: 1

OSV
added 2025/09/24 9:30 p.m., 1 views

GHSA-XFQM-J7PC-XRFC messageformat has a prototype pollution vulnerability

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

CVSS 6.3, AI score 6.9, EPSS 0.00242
Exploits: 0, References: 3

GitHub Security Blog
added 2025/09/24 9:30 p.m., 3 views

messageformat has a prototype pollution vulnerability

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

CVSS 7.5, AI score 6.9, EPSS 0.00242
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2025/09/24 7:15 p.m., 1 views

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

CVSS 7.5, EPSS 0.00242
Exploits: 0, References: 1

OSV
added 2025/09/24 7:15 p.m., 1 views

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

CVSS 7.5, AI score 6.9
Exploits: 0, References: 1

GitHub Security Blog
added 2025/09/24 6:30 p.m., 4 views

messageformat prototype pollution vulnerability

The Runtime components of messageformat package for Node.js version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

CVSS 5.3, AI score 7.1, EPSS 0.00131
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2025/09/24 6:30 p.m., 3 views

GHSA-6XV4-9CQP-92RH messageformat prototype pollution vulnerability

The Runtime components of messageformat package for Node.js version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

CVSS 5.3, AI score 7.1, EPSS 0.00131
Exploits: 0, References: 7

NVD
added 2025/09/24 6:15 p.m., 5 views

CVE-2025-57353

The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

CVSS 5.3, EPSS 0.00131
Exploits: 0, References: 5

Positive Technologies
added 2025/09/24 12:0 a.m., 1 views

PT-2025-39330

Name of the Vulnerable Software and Affected Versions: messageformat versions prior to 2.3.0. Description: The messageformat package, a JavaScript implementation of the Unicode MessageFormat 2 specification, contains a flaw related to improper handling of message key paths. This can lead to prototyp...

CVSS 6.3, AI score 6.6, EPSS 0.00242
Exploits: 0, References: 7

Positive Technologies
added 2025/09/24 12:0 a.m., 1 views

PT-2025-39317

Name of the Vulnerable Software and Affected Versions: messageformat versions prior to 3.0.1. Description: The Runtime components of the messageformat package for Node.js are susceptible to a prototype pollution issue. Insufficient validation of nested message keys during message data processing...

CVSS 9.3, AI score 6.6, EPSS 0.00131
Exploits: 0, References: 8

CVE
added 2025/09/24 12:0 a.m., 9 views

CVE-2025-57353

CVE-2025-57353 affects the Runtime components of the Node.js messageformat package (versions before 3.0.2). The issue is a prototype pollution vulnerability caused by insufficient validation of nested message keys during processing, allowing an attacker to modify Object.prototype and inject arbit...

CVSS 5.3, AI score 6.6, EPSS 0.00131
Exploits: 0, References: 5