3972 matches found
CVE-2023-50730
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2025-23061
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1356)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1356 advisory. When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building...
Medium: python3.12
Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents. (CVE-2025-12084) When reading an HTTP response from a server, i...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000347)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000347 advisory. In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000309)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000309 advisory. A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000232)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000232 advisory. A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested=1 virtualization enabled. In that, L1 guest could access...
SUSE-SU-2026:0025-1 Security update for python312
This update for python312 fixes the following issues: - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on _clear_id_cache() can lead to availability issues when building excessively nested documents (bsc#1254997). - CVE-2025-13836: use of...
Allocation of Resources Without Limits or Throttling
Overview: sqlatypemodel is a Typed JSON fields for SQLAlchemy with automatic mutation tracking. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to uncontrolled recursion when processing deeply nested JSON-like structures. An attacker can...
SQL Injection
Overview: langchain-cloudflare is a Langchain Integrations for Cloudflare's WorkersAI and Vectorize. Affected versions of this package are vulnerable to SQL Injection due to improper sanitization of nested metadata in D1 database operations. The d1_upsert_texts and ad1_upsert_texts methods construct SQ...
PT-2026-26755
Name of the Vulnerable Software and Affected Versions: etcd versions prior to 3.4.42; etcd versions prior to 3.5.28; etcd versions prior to 3.6.9. Description: An authenticated user with Role-Based Access Control (RBAC) restricted permissions on key ranges can bypass key-level authorization using nested...
PT-2026-25791
Name of the Vulnerable Software and Affected Versions: Expat (affected versions not specified). Description: The Expat parser, when used with a registered ElementDeclHandler, is susceptible to a C stack overflow when processing an inline document type definition with a deeply nested content model. Thi...
PT-2026-4468
Name of the Vulnerable Software and Affected Versions: google.protobuf (affected versions not specified). Description: A denial-of-service (DoS) issue exists in the ParseDict function within google.protobuf.json_format in Python. The vulnerability occurs because the max recursion depth limit can be...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993161)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993161 advisory. In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls. Automatic kernel fuzzing revealed a recursive lockin...
Unity Linux 20.1070e Security Update: python3 (UTSA-2025-993334)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993334 advisory. When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can b...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992282)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992282 advisory. In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls. Automatic kernel fuzzing revealed a recursive lockin...
SUSE-SU-2025:4522-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on _clear_id_cache() can lead to availability issues when building excessively nested documents (bsc#1254997). - CVE-2025-13836: use of...
CVE-2023-54054
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-68475
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at...
CVE-2021-47713
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...