CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-1459

Malware in sbrugna...

9.6CVSS9.2AI score0.06179EPSS

Exploits3References4

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-0612

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00328EPSS

Exploits0References3

RedhatCVE•added 2025/05/22 3:25 p.m.•6 views

CVE-2020-27428

A DOM-based cross-site scripting XSS vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...

6.1CVSS5.7AI score0.00328EPSS

Exploits0

vulnersOsv•added 2022/01/08 12:44 a.m.•2 views

@cybergenios/scratch-gui (>=1.8.20 <=1.8.30), @cybergenios/www (>=1.0.2 <=1.0.3) +47 more potentially affected by CVE-2020-27428 via scratch-svg-renderer (>=0.1.0-prerelease.20180524210316 <=0.2.0)

scratch-svg-renderer NPM version =0.1.0-prerelease.20180524210316, =1.8.20, =1.0.2, =1.3.0, =0.1.0-raspberrypifoundation.20210805151219, =0.1.0, =1.0.0-alpha.1, =0.0.1, =0.1.0, =0.0.1, =3.0.10, =0.1.0, =0.1.1 and more Source cves: CVE-2020-27428 Source advisory: OSV:GHSA-H3VQ-WV8J-36GW...

6.1CVSS6.3AI score0.00328EPSS

Exploits0

Github Security Blog•added 2022/01/08 12:44 a.m.•42 views

Cross-site Scripting in Scratch-Svg-Renderer

A DOM-based cross-site scripting XSS vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...

6.1CVSS5.6AI score0.00328EPSS

Exploits0References3Affected Software1

OSV•added 2022/01/08 12:44 a.m.•3 views

GHSA-H3VQ-WV8J-36GW Cross-site Scripting in Scratch-Svg-Renderer

A DOM-based cross-site scripting XSS vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...

6.1CVSS6AI score0.00328EPSS

Exploits0References3

OSV•added 2022/01/06 12:15 a.m.•16 views

CVE-2020-27428

A DOM-based cross-site scripting XSS vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...

6.1CVSS5.6AI score

Exploits0References1

NVD•added 2022/01/06 12:15 a.m.•14 views

CVE-2020-27428

A DOM-based cross-site scripting XSS vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...

6.1CVSS0.00328EPSS

Exploits0References1

Prion•added 2022/01/06 12:15 a.m.•18 views

Cross site scripting

A DOM-based cross-site scripting XSS vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...

4.3CVSS5.8AI score0.00328EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/01/05 11:37 p.m.•20 views

CVE-2020-27428

A DOM-based cross-site scripting XSS vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file...

5.8AI score0.00328EPSS

Exploits0References1

CVE•added 2022/01/05 11:37 p.m.•56 views

CVE-2020-27428

CVE-2020-27428 affects the Scratch-Svg-Renderer library (v0.2.0). The vulnerability is described as a DOM-based cross-site scripting (XSS) issue that allows an attacker to execute arbitrary web scripts or HTML through a crafted sb3 file. The cited impact indicates possible code execution in the c...

6.1CVSS5.8AI score0.00328EPSS

Exploits0References1Affected Software1

Node.js•added 2020/11/09 2:24 p.m.•51 views

Cross-Site Scripting in scratch-svg-renderer

Overview This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function. Recommendation Upgrade to version...

6.8CVSS3.2AI score0.06179EPSS

Exploits3Affected Software1

Github Security Blog•added 2020/11/09 2:21 p.m.•48 views

Cross-Site Scripting in scratch-svg-renderer

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

9.6CVSS3.8AI score0.06179EPSS

Exploits3References4Affected Software1

OSV•added 2020/11/09 2:21 p.m.•16 views

GHSA-J977-G5VJ-J27G Cross-Site Scripting in scratch-svg-renderer

9.6CVSS9.2AI score0.06179EPSS

Exploits3References3

NVD•added 2020/10/21 5:15 p.m.•16 views

CVE-2020-7750

9.6CVSS0.06179EPSS

Exploits3References2

OSV•added 2020/10/21 5:15 p.m.•20 views

CVE-2020-7750

9.6CVSS6.7AI score

Exploits0References2

Prion•added 2020/10/21 5:15 p.m.•14 views

Code injection

6.8CVSS9.2AI score0.06179EPSS

Exploits3References2Affected Software1

Cvelist•added 2020/10/21 4:20 p.m.•20 views

CVE-2020-7750 Cross-site Scripting (XSS)

9.6CVSS9.3AI score0.06179EPSS

Exploits3References2

CVE•added 2020/10/21 4:20 p.m.•93 views

CVE-2020-7750

CVE-2020-7750 affects the scratch-svg-renderer package prior to 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG content, allowing injection of arbitrary elements into the DOM via _transformMeasurements, which could enable cross-site scripting; the vulnerability is rat...

9.6CVSS9.3AI score0.06179EPSS

Exploits3References2Affected Software1

vulnersOsv•added 2020/10/21 4:5 p.m.•1 views

@intesso/scratch-paint (=0.2.0), @wdr-data/scratch-render (=0.1.0-prerelease.20180918201144-fixed-1) +13 more potentially affected by CVE-2020-7750 via scratch-svg-renderer (>=0.1.0-prerelease.20180524210316 <=0.2.0-prerelease.20201016121710)

scratch-svg-renderer NPM version =0.1.0-prerelease.20180524210316, =0.0.1, =0.1.0-prerelease.2019-05-26T04-34Z, =0.2.0-prerelease.20181120191526, =0.1.0-prerelease.20210117145449, =0.1.0-prerelease.20200903194013, =0.2.0, =0.1.0-prerelease.20180531210700, =0.1.0, =0.1.0-prerelease.20201214071805,...

9.6CVSS7.2AI score0.06179EPSS

Exploits3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by