CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

OESA-2025-2686 python-ldap security update

python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...

CVE-2025-61911

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...

CVE-2025-61911 python-ldap has sanitization bypass in ldap.filter.escape_filter_chars

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...

EUVD-2025-33797

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...

Improper Handling of Exceptional Conditions

Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the streamcomplete method of the LangChainLLM class. An attacker can disrupt service availability by providing an input of type...

CVE-2022-25872

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

Out-of-bounds

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

CVE-2022-25872 Out-of-bounds Read

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

CVE-2022-25872

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

fast-string-search 安全漏洞

fast-string-search is a search function that can search for strings using N-API and boyer-moore-magiclen. fast-string-search suffers from a denial-of-service vulnerability that stems from incorrect computation of non-string input, which can be exploited by an attacker to cause fast-string- search...

fast-string-search 缓冲区错误漏洞

fast-string-search is a module from the individual developer Magic Len Ron Li in China that searches for substrings in a string using N-API and boyer-moore-magiclen. A security vulnerability exists in fast-string-search due to incorrect memory freeing and length calculation of any non-string inpu...

Out-of-bounds Read

Overview fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows...