11 matches found
UBUNTU-CVE-2026-4519
The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...
CVE-2026-4519
The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...
CLSA-2022-1654106859 Fix CVE(s): CVE-2022-0391
SECURITY UPDATE: Injection attack - debian/patches/CVE-2022-0391.patch: sanitize URLs in urllib.parse when they contain ASCII newlines and tabs in Doc/library/urllib.parse.rst, Lib/test/test_urlparse.py, Lib/urllib/parse.py. - CVE-2022-0391...
RHEL 8 : python27:2.7 (RHSA-2022:1821)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1821 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic...
GHSA-4448-RC82-FCR7 Path Traversal in serve-here.js
Versions of serve-here.js prior to 1.2.0 are vulnerable to path traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths...
Path Traversal in ponse
Versions of ponse prior to 2.0.2 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation Upgrade to version 2.0.2 or later...
GHSA-2MP5-M968-GWR2 Path Traversal in http-file-server
All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is ma...
Path Traversal
Overview Versions of restify-swagger-jsdoc prior to 3.2.1 are vulnerable to Path Traversal. The package fails to properly sanitize URLs, which may allow attackers to access server files outside the swagger-ui folder by using relative paths. Recommendation Upgrade to version 3.2.1 or later...
Path Traversal
Overview Versions of ponse prior to 2.0.2 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation Upgrade to version 2.0.2 or later. References - HackerOne Report - GitHub...
Design/Logic Flaw
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...
GSA Bounty: Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers)
Description Hello. I discovered a Cross-Site Scripting issue on the https://www.data.gov/local/ endpoint. The issue can be site-wide, and exploitable in any place where pagination exists. The Impact and Severity I assigned the High severity, because unlike the last 263226 report that XSS was...