21 matches found
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Malicious code in @onerjs/serializers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 729400f12e8686271847d4633518c63363e156c251d18ede6f1d2e947aa2c0e0 This package replicates the public API of @babylonjs/serializers and ships its source verbatim, but rewrites every internal import from @babylonjs/co...
MAL-2026-4413 Malicious code in @onerjs/serializers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 729400f12e8686271847d4633518c63363e156c251d18ede6f1d2e947aa2c0e0 This package replicates the public API of @babylonjs/serializers and ships its source verbatim, but rewrites every internal import from @babylonjs/co...
CVE-2026-3739 suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...
Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE
Incorrect handling of security-critical data formats, particularly in low-level languages, is the root cause of many security vulnerabilities. Provably correct parsing and serialization tools that target languages like C can help. Towards this end, we present PulseParse, a library of verified...
Malicious code in active-model_version_serializers (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6423 Malicious code in active-model_version_serializers (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-model_serializers_validator (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-model_serializers_cancancan (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-model_serializers_matchers (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6416 Malicious code in active-model_serializers_cancancan (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-model_serializers-matchers (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-model_serializers_binary (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-model_serializers-hash_wrapper (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-model_serializers-jsonapi_embedded_records_deserializer (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in active-model_serializers-cancan (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious Package
Overview active-model_serializers_binary is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an _ and replaced it with - and vice versa Remediation Avoid usi...
GHSA-73CQ-FHP3-8RPW Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack...
CVE-2014-1868
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack...