73 matches found
CVE-2026-49858
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. `ApiProperty(security: ...)` is evaluated per request...
CVE-2026-55487
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...
CVE-2026-55487 pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...
PT-2026-52521
Name of the Vulnerable Software and Affected Versions: pnpm versions prior to 10.34.2; pnpm versions prior to 11.5.3. Description: The generic peer-suffix normalizer incorrectly strips parenthesized text from git, URL, tarball, file, and other opaque locators. This behavior allows a scenario where...
Malicious code in dash-grid-normalizer (PyPI)
Source: amazon-inspector (362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a). On import, `src/dash_grid_normalizer/__init__.py` calls `hydrate_remote_layout_profile`, which reassembles a payload from four string segments, base64-decodes and...
MAL-2026-5725 Malicious code in dash-grid-normalizer (PyPI)
Source: amazon-inspector (362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a). On import, `src/dash_grid_normalizer/__init__.py` calls `hydrate_remote_layout_profile`, which reassembles a payload from four string segments, base64-decodes and...
Malicious code in @posthog/url-normalizer-plugin (npm)
Source: amazon-inspector (3af45430785d7a562e6a3ccfe29b377e17c6c71d4bbcefa7a8e4fc67e95977c8). The package @posthog/url-normalizer-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198928
Malicious code in @posthog/url-normalizer-plugin (npm)...
MAL-2025-190897 Malicious code in @posthog/url-normalizer-plugin (npm)
Source: amazon-inspector (3af45430785d7a562e6a3ccfe29b377e17c6c71d4bbcefa7a8e4fc67e95977c8). The package @posthog/url-normalizer-plugin was found to contain malicious code. Source: google-open-source-security...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient handling of numeric strings in the `normalize_numbers` method of the `EnglishNormalizer` class, which allows an attacker to exploit crafted input with long digit sequences to cause excessi...
RUSTSEC-2025-0078 `unic-ucd-normal` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: `icu_normalizer`...
RUSTSEC-2025-0082 `unic-normal` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: `icu_normalizer`, `unicode-normalization`...
`unic-ucd-hangul` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: `icu_normalizer`, `unicode-normalization`...
`unic-normal` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: `icu_normalizer`, `unicode-normalization`...
EUVD-2021-21443
Malware in sbrugna...
EUVD-2025-29125
Malicious code in bioql (PyPI)...
EUVD-2024-52975
Malicious code in bioql (PyPI)...
GHSA-RCV9-QM8P-9P6J Hugging Face Transformers library has Regular Expression Denial of Service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
Hugging Face Transformers library has Regular Expression Denial of Service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
Regular Expression Denial of Service (ReDoS)
Overview: transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `normalize_numbers` function of the `EnglishNormalizer` class. An attacker can cause excessive CPU...