CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

OSV•added 2026/04/16 1:51 p.m.•2 views

MAL-2026-2701 Malicious code in sanitize-url (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f98260cc1b910a8921671795398ad7f986f02b0b7bc8efef18a4df09b87d51 The package sanitize-url was found to contain malicious code. Source: ossf-package-analysis...

5.7AI score

Exploits0

OSSF Malicious Packages•added 2026/04/16 1:51 p.m.•4 views

Malicious code in sanitize-url (npm)

5.7AI score

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-46103

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00069EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-1445

Malicious code in bioql PyPI...

6.1CVSS6.9AI score0.00126EPSS

Exploits1References15

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-0773

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00585EPSS

Exploits0References5

Tenable Nessus•added 2025/08/30 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2021-23648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting XSS due to improper sanitization in sanitizeUrl function. CVE-2021-23648...

6.1CVSS7.3AI score0.00126EPSS

Exploits1References2

SUSE Linux•added 2024/11/18 1:25 p.m.•2 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

7.5CVSS7.8AI score0.07521EPSS

Exploits3References66

OSV•added 2023/09/11 6:15 p.m.•10 views

CVE-2023-41609

An open redirect vulnerability in the sanitizeurl parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL...

6.1CVSS6.8AI score

Exploits0References1

ATTACKERKB•added 2023/09/11 6:15 p.m.•0 views

CVE-2023-41609

An open redirect vulnerability in the sanitizeurl parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL...

6.1CVSS6.4AI score0.00069EPSS

Exploits1References2

Positive Technologies•added 2023/09/11 12:0 a.m.•2 views

PT-2023-27996 · Couchcms · Couchcms

Name of the Vulnerable Software and Affected Versions: CouchCMS version 2.3 Description: An open redirect issue exists in the sanitize url parameter, allowing attackers to redirect users to arbitrary websites via crafted URLs. Recommendations: For CouchCMS version 2.3, consider disabling the...

6.1CVSS6.2AI score0.00069EPSS

Exploits1References6

OSV•added 2023/05/15 1:15 p.m.•2 views

CVE-2023-2009

Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.01098EPSS

Exploits2References1

NVD•added 2023/05/15 1:15 p.m.•9 views

CVE-2023-2009

4.8CVSS4.8AI score0.01098EPSS

Exploits2References1

RedhatCVE•added 2023/03/01 5:29 a.m.•29 views

CVE-2022-48345

A flaw was found in sanitize-url. It does not correctly sanitize with colons, possibly leading to a Cross-site scripting risk...

6.1CVSS5.9AI score0.00585EPSS

Exploits0References3

Veracode•added 2023/03/01 2:54 a.m.•22 views

Cross-site Scripting (XSS)

@braintree/sanitize-url is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the decodeHtmlCharacters function in index.ts does not properly sanitize html encoded colons in the urlSchemeRegex parameter, which allows an attacker to inject and execute malicious JavaScript by...

6.1CVSS5.9AI score0.00585EPSS

Exploits0References4Affected Software2

Github Security Blog•added 2023/02/24 6:30 a.m.•55 views

@braintree/sanitize-url Cross-site Scripting vulnerability

sanitize-url aka @braintree/sanitize-url before 6.0.1 allows XSS via HTML entities...

6.1CVSS5.8AI score0.00585EPSS

Exploits0References5Affected Software1

OSV•added 2023/02/24 6:30 a.m.•19 views

GHSA-Q8GG-VJ6M-HGMJ @braintree/sanitize-url Cross-site Scripting vulnerability

sanitize-url aka @braintree/sanitize-url before 6.0.1 allows XSS via HTML entities...

6.1CVSS6AI score0.00585EPSS

Exploits0References5

vulnersOsv•added 2023/02/24 6:30 a.m.•1 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @adobe/parliament-ui-components (>=4.6.0 <=5.1.0) +745 more potentially affected by CVE-2022-48345 via @braintree/sanitize-url (>=1.0.0 <=6.0.0)

@braintree/sanitize-url NPM version =1.0.0, =1.0.0, =4.6.0, =2.6.1, =0.1.0, =0.0.18, =0.0.0-development, =6.8.0, =0.1.2, =2.2.2, =0.5.0, =3.23.0, =0.0.0-nightly-2020972106, =0.1.1-alpha.19, =0.1.0, =0.1.0-integrate-flowzone-f2df00320763c10337790c7657713f782ca7a948 and more Source cves:...

6.1CVSS6.5AI score0.00585EPSS

Exploits0

OSV•added 2023/02/24 6:15 a.m.•16 views

CVE-2022-48345

sanitize-url aka @braintree/sanitize-url before 6.0.2 allows XSS via HTML entities...

6.1CVSS6.1AI score

Exploits0References2

OSV•added 2023/02/24 6:15 a.m.•1 views

DEBIAN-CVE-2022-48345

sanitize-url aka @braintree/sanitize-url before 6.0.2 allows XSS via HTML entities...

6.1CVSS5.9AI score0.00585EPSS

Exploits0References1