CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/03/19 4:3 p.m.•15 views

CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

7.5CVSS0.001EPSS

Vulnrichment•added 2025/03/19 4:3 p.m.•8 views

CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

7.5CVSS7.4AI score0.001EPSS

OSV•added 2025/03/19 4:3 p.m.•5 views

CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

7.5CVSS5.5AI score0.001EPSS

Exploits0References7

CVE•added 2025/03/19 4:3 p.m.•207 views

CVE-2025-30153

CVE-2025-30153 affects kin-openapi (Go) prior to 0.131.0. The issue occurs when validating a request with a multipart/form-data schema: if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb) that causes the server to exhaust memory. The root cause is the Zip...

7.5CVSS7.4AI score0.001EPSS

CNNVD•added 2025/03/19 12:0 a.m.•1 views

kin-openapi 安全漏洞

kin-openapi is a getkin open source implementation of OpenAPI 3.0 for Go parsing, transforming, validating, etc.. A security vulnerability exists in kin-openapi versions prior to 0.131.0, which stems from a potential memory exhaustion when processing multipart/form-data requests...

7.5CVSS5.5AI score0.001EPSS

Exploits0References6

Positive Technologies•added 2025/03/19 12:0 a.m.•2 views

PT-2025-11700

Name of the Vulnerable Software and Affected Versions kin-openapi versions prior to 0.131.0 Description The issue arises when validating a request with a multipart/form-data schema. If the OpenAPI schema allows it, an attacker can upload a crafted ZIP file, such as a ZIP bomb, causing the server ...

9.8CVSS6.4AI score0.001EPSS

Exploits0References100

Wallarm Lab•added 2025/03/04 1:0 p.m.•9 views

API Specifications: Why, When, and How to Enforce Them

APIs facilitate communication between different software applications and power a wide range of everyday digital experiences, from weather apps to streaming services and everything in between. They are also a critical ingredient of AI. However, if not structured and standardized properly, APIs ca...

7.7AI score

Exploits0

OSV•added 2025/03/01 8:10 p.m.•3 views

MAL-2025-1657 Malicious code in okta-sdk-php-openapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da144ffdf9eed05ec70b485602e1d3aeae40d312d6fd4eec8956422e2365bd0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

OSSF Malicious Packages•added 2025/03/01 8:10 p.m.•3 views

Malicious code in okta-sdk-php-openapi (npm)

Veracode•added 2025/02/09 2:34 p.m.•2 views

Denial Of Service

GitLab is vulnerable to Denial of Service DoS. The vulnerability is due to the server's failure to safely process crafted OpenAPI files, and attackers can exploit this to consume excessive resources or crash the service, leading to a denial of service...

5.5CVSS5.1AI score0.00049EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/02/05 5:21 p.m.•4 views

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

8.1CVSS6.8AI score0.00189EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 2:53 p.m.•6 views

CVE-2020-15142

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

9CVSS7.3AI score0.00757EPSS

Exploits0

OSSF Malicious Packages•added 2025/01/31 3:1 a.m.•4 views

Malicious code in smartling-openapi-spec (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21a5bc79af548e1ec5706ef28aa4991242b628e7fb312ee2141f58d6aa46d16b Any computer that has this package installed or running should be considered...

OSV•added 2025/01/31 3:1 a.m.•2 views

MAL-2025-715 Malicious code in smartling-openapi-spec (npm)

7AI score

VulnCheck KEV•added 2024/12/05 12:0 a.m.•1 views

VulnCheck KEV: CVE-2024-35219

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

8.3CVSS5.8AI score0.40124EPSS

OSSF Malicious Packages•added 2024/12/01 6:53 p.m.•3 views

Malicious code in tailchat-service-openapi-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22511b2b576ee7a41e7c7f6abf4e9a9fdedded65c99367d47f3f5cda4ce875c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2024/11/16 2:12 a.m.•3 views

Malicious code in seatalk-openapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1ba364a75979c4daf8df3fca9ae125f39309f1e2aaaf2ee625eef7a3e9a1d30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...