168 matches found
[SECURITY] Fedora 42 Update: openjpeg-2.5.3-8.fc42
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profile-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple...
Misinterpretation of Input
Overview: Affected versions of this package are vulnerable to Misinterpretation of Input in the Optimizer component. An attacker can cause the application to crash repeatedly and become unresponsive by supplying specially crafted input. Details: Denial of Service (DoS) describes a family of attacks,...
OSV-SCALIBR Security Vulnerability
OSV-SCALIBR is an open source software portfolio analysis library from Google. A security vulnerability exists in OSV-SCALIBR, which stems from a path traversal problem in the unpack function that could lead to arbitrary file writes...
CVE-2025-49597
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
HP Universal Scan - Potential Information Disclosure
HP Universal Scan is vulnerable to potential information disclosure due to code vulnerability within the product's solution open-source library libssh2. Update your printer software...
workers-oauth-provider Security Vulnerability
workers-oauth-provider is a Cloudflare open source OAuth provider library for Cloudflare Workers. A security vulnerability exists in workers-oauth-provider that stems from a PKCE check being bypassed, which could lead to a failure of the protection mechanism...
relibc Security Vulnerability
relibc Redox C Library is an open source library for Redox OS. A security vulnerability exists in versions prior to relibc 98aa4ea5, which stems from the setsockopt function that can lead to a denial of service...
Security Bulletin: A security vulnerability has been identified in open source tomcat library used in IBM Quantum Safe Explorer (Mac and Windows Service)
Summary: A security vulnerability has been identified in the open source tomcat library tomcat-embed-core-10.1.34 used in IBM Quantum Safe Explorer (Mac and Windows Service). Vulnerability Details: CVEID: CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution...
Denial of Service (DoS)
Overview: dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...
libhv Environment Issue Vulnerability
libhv is an open source network library by ithewei that is easier to use than libevent/libuv/asio. An environment issue vulnerability exists in libhv 1.3.3 and earlier versions, which stems from inconsistent HTTP request interpretation and may result in HTTP response entrapment...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the JsoupHtmlTextExtractor function. An attacker can cause unbounded memory consumption leading to a denial of service by sending crafted HTML content that triggers excessive memory allocation. Details: Denial o...
Denial of Service (DoS)
Overview: net.minidev:json-smart is a Java JSON parser. Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can cause stack exhaustion and subsequent service disruption by providing JSON input with an excessive number of nested . Note: This issue exists because...
CVE-2021-39157
detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in detect-character-encoding v0.7.0. No workarounds are available and all...
CVE-2024-37063
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser...
Bento4 Security Vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files from Axiomatic Systems. A security vulnerability exists in Bento4 that stems from a floating point exception in the AP4TfraAtom::AP4TfraAtom function...
PhpSpreadsheet Security Vulnerability
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A security vulnerability exists in PhpSpreadsheet that stems from the presence of a cross-site scripting (XSS) vulnerability...
PhpSpreadsheet Security Vulnerability
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A security vulnerability exists in PhpSpreadsheet that stems from vulnerability to unauthorized reflection-based cross-site scripting attacks...
MangoOS Security Vulnerability
MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.2.0, which stems from vulnerability to a stored cross-site scripting attack that allows an attacker to execute arbitrary web script or HTML via ...
JSONPath Plus Security Vulnerability
JSONPath Plus is an open source library for JSONPath Plus. A security vulnerability exists in JSONPath Plus versions prior to 10.0.0 that stems from improper input cleanup and is susceptible to a Remote Code Execution (RCE) attack, which can be exploited by an attacker to execute arbitrary code on ...
Gradio Authorization Issue Vulnerability
Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from an authorization issue vulnerability that stems from the localhostaliases variable containing "null" as a valid source wh...