EUVD-2025-198778

Malicious code in @seung-ju/openapi-generator npm...

MAL-2025-190756 Malicious code in @seung-ju/openapi-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f38aa15b9a4a24dec5d8ea17b00f0bcc9e7ba46386fd087b3a9fa569ade45a6 The package @seung-ju/openapi-generator was found to contain malicious code. Source: ghsa-malware...

EUVD-2021-0794

Malware in sbrugna...

EUVD-2021-0893

Malware in sbrugna...

EUVD-2021-1049

Malware in sbrugna...

EUVD-2023-1130

Malicious code in bioql PyPI...

EUVD-2022-1933

Malicious code in bioql PyPI...

h1-cli-device-browser (>=1.0.1-alpha.0 <=1.0.1-alpha.1), h1-cli-device-node (>=1.0.1-alpha.0 <=1.0.1-alpha.1) potentially affected by unknown CVE via h1-cli-ext-root-openapi-generator (=1.0.1-alpha.1)

h1-cli-ext-root-openapi-generator NPM version =1.0.1-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on h1-cli-ext-root-openapi-generator and may be impacted: - h1-cli-device-browser =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.1 Source cves:...

Malicious code in h1-cli-ext-root-openapi-generator (npm)

The package h1-cli-ext-root-openapi-generator was found to contain malicious code...

MAL-2025-22081 Malicious code in h1-cli-ext-root-openapi-generator (npm)

The package h1-cli-ext-root-openapi-generator was found to contain malicious code...

CVE-2023-27162

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

CVE-2021-21428

Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

VulnCheck KEV: CVE-2024-35219

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

Malicious code in tailchat-service-openapi-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22511b2b576ee7a41e7c7f6abf4e9a9fdedded65c99367d47f3f5cda4ce875c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

The vulnerability of the OpenAPI Generator software for automatically generating client libraries arises from incorrect restrictions on the path name to the restricted access directory. This allows attackers to circumvent security restrictions and gain read, modify, or delete access to data.

The vulnerability of the OpenAPI Generator software for automatically generating client libraries is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain access to...

Path Traversal

org.openapitools, openapi-generator-online is vulnerable to a Path Traversal. The vulnerability is due to unrestricted access to the outputFolder option, which allows attackers to manipulate file paths and potentially read or delete files and folders outside of the intended directory...

GHSA-G3HR-P86P-593H OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...