CVE-2026-6618 langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery
A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...
dify security vulnerability
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.13.3 have security vulnerabilities. These vulnerabilities stem from improper handling of parameters in the parse_openai_plugin_json_to_tool_bundle function of the ApiBasedToolSchemaParser...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +69 more potentially affected by unknown CVE via @asyncapi/protobuf-schema-parser (>=3.0.0 <=3.6.0)
@asyncapi/protobuf-schema-parser NPM version =3.0.0, =0.0.1, =3.0.0, =4.1.3, =0.7.1, =1.11.0, =0.2.0, =0.1.0, =0.2.57, =0.21.0, =3.0.0, =4.0.0, =2.1.1, =1.0.0, =0.16.0, =0.1.0, =1.3.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIPROTOBUFSCHEMAPARSER-14103275...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +89 more potentially affected by unknown CVE via @asyncapi/openapi-schema-parser (=3.0.24)
@asyncapi/openapi-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/openapi-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0,...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +85 more potentially affected by unknown CVE via @asyncapi/avro-schema-parser (=3.0.24)
@asyncapi/avro-schema-parser NPM version =3.0.24 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/avro-schema-parser and may be impacted: - @achinet/nestjs-async =0.0.1, =3.0.0, =0.2.44, =4.1.3, =0.7.1, =0.9.0, =1.10.0, =0.2.0, =0.1.0, =0.2.13...
EUVD-2025-198639
Malicious code in @asyncapi/protobuf-schema-parser npm...
Malicious code in @asyncapi/protobuf-schema-parser (npm)
Source: amazon-inspector 927e5dcfc89c461512068769c97bb06898751cd42cd15f50d97c4760c658269b The package @asyncapi/protobuf-schema-parser was found to contain malicious code. Source: ghsa-malware...
@achinet/nestjs-async (>=0.0.1 <=0.2.0), @aligov/clark-core (>=3.0.0 <=3.0.1) +69 more potentially affected by unknown CVE via @asyncapi/protobuf-schema-parser (>=3.0.0 <=3.6.0)
@asyncapi/protobuf-schema-parser NPM version =3.0.0, =0.0.1, =3.0.0, =4.1.3, =0.7.1, =1.11.0, =0.2.0, =0.1.0, =0.2.57, =0.21.0, =3.0.0, =4.0.0, =2.1.1, =1.0.0, =0.16.0, =0.1.0, =1.3.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-190641...
MAL-2025-190635 Malicious code in @asyncapi/avro-schema-parser (npm)
Source: amazon-inspector 563d7e586605241445ca55919018f95a81d98cbf9599eefa9c812eef9ccd7747 The package @asyncapi/avro-schema-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198640
Malicious code in @asyncapi/avro-schema-parser npm...
Malicious code in @asyncapi/avro-schema-parser (npm)
Source: amazon-inspector 563d7e586605241445ca55919018f95a81d98cbf9599eefa9c812eef9ccd7747 The package @asyncapi/avro-schema-parser was found to contain malicious code. Source: ghsa-malware...
Malicious code in @asyncapi/openapi-schema-parser (npm)
Source: amazon-inspector 7b4e9b39029c1f0084db9cd77fb419e5b003036f5b3db50d6b52097114f0c729 The package @asyncapi/openapi-schema-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198641
Malicious code in @asyncapi/openapi-schema-parser npm...
MAL-2025-190639 Malicious code in @asyncapi/openapi-schema-parser (npm)
Source: amazon-inspector 7b4e9b39029c1f0084db9cd77fb419e5b003036f5b3db50d6b52097114f0c729 The package @asyncapi/openapi-schema-parser was found to contain malicious code. Source: ghsa-malware...
CVE-2021-38305
23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data during schema parsing. An attacker can execute arbitrary code by passing in malicious classes as ReflectData or SpecificData inputs to the schema parser. Details Serialization is a process of converting...
Boa (>=0.13.0 <=0.13.1), arci-urdf-viz (>=0.0.7 <=0.1.0) +89 more potentially affected by unknown CVE via fast-float (=0.2.0)
fast-float CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fast-float and may be impacted: - Boa =0.13.0, =0.0.7, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.19.0, =0.3.0, =0.4.1, =0.6.2, =0.3.2, =0.4.1, =0.3.2, =0.20.2 and more Source cves...