Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data from LDAP referrals. An attacker can execute arbitrary code or perform unauthorized actions by supplying crafted LDAP referral data. Details Serialization is a process of converting an object into a...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the frontend build process when it exits with a non-zero status. An attacker can obtain sensitive environment variables, including credentials, by reviewing build logs or archived build artifacts generated during...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the frontend build process when it exits with a non-zero status. An attacker can obtain sensitive environment variables, including credentials, by reviewing build logs or archived build artifacts generated during...

CVE-2026-36757

A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /changes webhook endpoint. An attacker can exhaust system memory by sending an oversized JSON payload. Remediation Upgrade github.com/mattermost/mattermost-plugin-msteams/serv...

CVE-2020-17508

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

EUVD-2025-112737

Malicious code in html-webpack-plugin-upgrade-remark-enceladus npm...

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

EUVD-2015-1103

Malware in sbrugna...

EUVD-2015-1132

Malware in sbrugna...

EUVD-2015-1119

Malware in sbrugna...

EUVD-2015-1111

Malware in sbrugna...

EUVD-2022-29585

Malicious code in bioql PyPI...

EUVD-2023-34990

Malicious code in bioql PyPI...

EUVD-2023-2669

Malicious code in bioql PyPI...

EUVD-2023-1614

Malicious code in bioql PyPI...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where API keys are not masked. An attacker can obtain sensitive credentials by viewing the exposed API keys during job configuration. Remediation Upgrade...

CVE-2025-46647

A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to multiple issuers 3...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities.. An attacker can access arbitrary files on the file system or initiate...