35 matches found
CVE-2026-63397
remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported...
EUVD-2026-45031
remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported...
GHSA-79PH-745M-6WXQ Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw...
389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...
EUVD-2021-0470
Malware in sbrugna...
EUVD-2021-0757
Malware in sbrugna...
Malicious code in sequelize-schema-file-generator (npm)
The package sequelize-schema-file-generator was found to contain malicious code...
CVE-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...
GraphQL Import Success
GraphQL schema file was successfully imported and can be used during the scan. No source data...
GraphQL Import Failed
GraphQL schema file could not be imported and cannot be used during the scan. No source data...
BIT-HELM-2025-32387 Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...
PT-2024-15266 · Secure Systems Engineering · Secure Systems Engineering Connaisseur
Name of the Vulnerable Software and Affected Versions: Secure Systems Engineering Connaisseur versions up to 3.3.0 Description: A vulnerability has been found in Secure Systems Engineering Connaisseur, affecting unknown code of the file connaisseur/res/targets schema.json of the component...
GHSA-9GP8-6CG8-7H34 Spring Security's spring-security.xsd file is world writable
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...
VMware Spring Security Security Vulnerability
VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.1.1 through 6.1.3, 6.0.4 through 6.0.6, 5.8.4 through 5.8.6, and 5.7.9 through 5.7.10, which stems fro...
GO-2022-1166 Denial of service via schema file in helm.sh/helm/v3
Certain JSON schema validation files can cause a Helm Client to panic, leading to a possible denial of service. The chartutil package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The...
Helm contains Denial of service through schema file
...
CVE-2022-23526 Helm contains Denial of service through schema file
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in thechartutil package that can cause a segmentation violation. The chartutil package contains a parser that loads a JSON Schema validation file. For example,...
CVE-2022-23526 Helm contains Denial of service through schema file
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in thechartutil package that can cause a segmentation violation. The chartutil package contains a parser that loads a JSON Schema validation file. For example,...
GHSA-67FX-WX78-JX33 Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...
Helm vulnerable to denial of service through schema file
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the chartutil package that can cause a segmentation violation. Applications that use functions from the chartutil package in the Helm SDK can have a Denial of Service attack when they use this package and it...