Lucene search
K

73 matches found

NVD
NVD
added yesterday2 views

CVE-2026-49858

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item normalizers causes a cross-user attribute leak. ApiPropertysecurity: ... is evaluated per request...

5.9CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-55487

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

7.5CVSS5.9AI score0.00118EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added last week26 views

CVE-2026-55487 pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

7.5CVSS0.00118EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52521

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 Description The generic peer-suffix normalizer incorrectly strips parenthesized text from git, URL, tarball, file, and other opaque locators. This behavior allows a scenario where...

7.5CVSS5.8AI score0.00118EPSS
Exploits1References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 1:3 a.m.12 views

Malicious code in dash-grid-normalizer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/13 1:3 a.m.13 views

MAL-2026-5725 Malicious code in dash-grid-normalizer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362011eafffa765e7f6c24df4ec2c7bb8f9fb6b6414570a5d193e6ea90e1250a On import, src/dashgridnormalizer/init.py calls hydrateremotelayoutprofile, which reassembles a payload from four string segments, base64-decodes and...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.7 views

Malicious code in @posthog/url-normalizer-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3af45430785d7a562e6a3ccfe29b377e17c6c71d4bbcefa7a8e4fc67e95977c8 The package @posthog/url-normalizer-plugin was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 4:31 p.m.2 views

EUVD-2025-198928

Malicious code in @posthog/url-normalizer-plugin npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/24 4:31 p.m.2 views

MAL-2025-190897 Malicious code in @posthog/url-normalizer-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3af45430785d7a562e6a3ccfe29b377e17c6c71d4bbcefa7a8e4fc67e95977c8 The package @posthog/url-normalizer-plugin was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
Veracode
Veracode
added 2025/10/31 6:30 a.m.5 views

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of numeric strings in the normalizenumbers method of the EnglishNormalizer class, which allows an attacker to exploit crafted input with long digit sequences to cause excessi...

5.3CVSS5.3AI score0.00349EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/10/18 12:0 p.m.5 views

RUSTSEC-2025-0078 `unic-ucd-normal` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icunormalizer...

7AI score
Exploits0References3
OSV
OSV
added 2025/10/18 12:0 p.m.5 views

RUSTSEC-2025-0082 `unic-normal` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icunormalizer - unicode-normalization...

7AI score
Exploits0References3
RustSec
RustSec
added 2025/10/18 12:0 p.m.8 views

`unic-ucd-hangul` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icunormalizer - unicode-normalization...

7AI score
Exploits0
RustSec
RustSec
added 2025/10/18 12:0 p.m.10 views

`unic-normal` is unmaintained

All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icunormalizer - unicode-normalization...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-21443

Malware in sbrugna...

8.6CVSS8.3AI score0.00649EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29125

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00349EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-52975

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2025/09/14 6:30 p.m.2 views

GHSA-RCV9-QM8P-9P6J Hugging Face Transformers library has Regular Expression Denial of Service

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalizenumbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...

5.3CVSS6.9AI score0.00349EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/09/14 6:30 p.m.15 views

Hugging Face Transformers library has Regular Expression Denial of Service

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalizenumbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...

5.3CVSS6.9AI score0.00349EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2025/09/14 5:40 p.m.1 views

Regular Expression Denial of Service (ReDoS)

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the normalizenumbers function of the EnglishNormalizer class. An attacker can cause excessive CPU...

6.9CVSS5.5AI score0.00349EPSS
Exploits1References2
Rows per page
Query Builder