93 matches found
n8n security vulnerability
n8n is a scalable workflow automation tool from the n8n open-source project. Versions prior to n8n 1.113.0 contain a security vulnerability: the Git Node component triggers execution when cloning remote repositories that contain pre-commit hooks, which could lead to remote code execution...
PT-2025-43650
Name of the Vulnerable Software and Affected Versions: jshERP versions prior to commit fbda24da Description: The software contains an unauthenticated remote code execution (RCE) issue via the jsh erp function. This allows for the execution of arbitrary code without authentication. Recommendations...
PT-2025-43660
Name of the Vulnerable Software and Affected Versions: Antabot White-Jotter versions prior to commit 9bcadc Description: The software contains an unauthenticated remote code execution (RCE) issue. The issue is present via the /api/aaa;/../register component. The vulnerability allows for the execution...
Malicious code in pre-commit-message-test (npm)
The package pre-commit-message-test was found to contain malicious code...
MAL-2025-29604 Malicious code in pre-commit-message-test (npm)
The package pre-commit-message-test was found to contain malicious code...
CVE-2025-54950
An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005...
MAL-2025-33 Malicious code in pre-commit-tasks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3f86360c5d5f5979a278474cb95f178bed388a7ce152931eee872318ac5fcd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pre-commit-tasks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3f86360c5d5f5979a278474cb95f178bed388a7ce152931eee872318ac5fcd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-53848
The CVE-2024-53848 issue affects the check-jsonschema tool (and related advisories) where the default caching uses the remote schema basename (e.g., https://example.org/schema.json) as the cache filename. This can allow a malicious schema URL to overwrite or be substituted in the cache leading to...
GO-2024-3259 CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data in github.com/cometbft/cometbft...
GHSA-P7MV-53F2-4CWJ CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
Name: ASA-2024-011: Vote Extensions: Panic when receiving a Pre-commit with an invalid data Component: CometBFT Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: = 0.38.x, unreleased v1.x and main development branches Affected users: Chain Builders +...
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
Name: ASA-2024-011: Vote Extensions: Panic when receiving a Pre-commit with an invalid data Component: CometBFT Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: = 0.38.x, unreleased v1.x and main development branches Affected users: Chain Builders +...
CVE-2024-44731
CVE-2024-44731 concerns Mirotalk prior to commit 9de226, where a DOM-based XSS vulnerability exists. The issue allows an attacker to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections. The documented root cause is a DOM-based XSS in the messaging pa...
GHSA-PP84-V3MW-GG4W Taipy 3.1.1 affected by CVEs on flask-core and pymongo
Summary Indirect CVEs affect Taipy 3.1.1 Details Taipy 3.1.1 is affected by two existing CVEs: CVE-2024-1681 affects flask-core =3.1.2 and on major releases: =4.0.0 Impact pre-commit breaks when using dependency Taipy 3.1.1...
Taipy 3.1.1 affected by CVEs on flask-core and pymongo
Summary Indirect CVEs affect Taipy 3.1.1 Details Taipy 3.1.1 is affected by two existing CVEs: CVE-2024-1681 affects flask-core =3.1.2 and on major releases: =4.0.0 Impact pre-commit breaks when using dependency Taipy 3.1.1...
SUSE CVE-2021-46945
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 "ext4: make ext4abort use ext4error", the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2. mount /dev/sd...
VulnCheck KEV: CVE-2023-27587
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...
PT-2023-29548 · Daurnimator +1 · Lua-Http +1
Name of the Vulnerable Software and Affected Versions: lua-http versions before commit ddab283 Description: The issue is related to an Improper Handling of Exceptional Conditions vulnerability in the Daurnimator lua-http library, which allows Excessive Allocation and a denial of service (DoS) attac...
PT-2023-11542 · Unknown · Jbt Markdown Editor
Name of the Vulnerable Software and Affected Versions: jbt Markdown Editor versions prior to commit 2252418c27dffbb35147acd8ed324822b8919477 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability in the Rendering Engine of the jbt Markdown Editor. This vulnerability allows...
Cross site request forgery (csrf)
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...