SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. Overview - Vulnerability Type: XSS - Affected Location: src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response Root Cause When fetchurl throws, the...

EUVD-2024-3014

Malicious code in bioql PyPI...

EUVD-2025-11356

Malicious code in bioql PyPI...

CVE-2025-32997

In CVE-2025-32997, the http-proxy-middleware has a flaw where fixRequestBody proceeds even if bodyParser has failed, affecting versions: 2.0.7/2.0.8 (before 2.0.9) and 3.x before 3.0.5. The Connected IBM bulletin confirms the root cause and lists remediation: upgrade to http-proxy-middleware v2.0...

PT-2025-16284 · Unknown · Http-Proxy-Middleware

Name of the Vulnerable Software and Affected Versions: http-proxy-middleware versions 2.0.9 and earlier, 3.x versions prior to 3.0.5 Description: The issue arises when fixRequestBody proceeds even if bodyParser has failed. This can lead to potential security risks. Recommendations: For versions...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in http-proxy-middleware

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of http-proxy-middleware. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending...