GHSA-2R8F-CF6W-X5VQ Duplicate Advisory: FUXA contains a hard-coded credential vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references. Original Description: FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a...
EUVD-2025-206717
FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
CVE-2022-26332
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
CVE-2019-20887
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/go-watermill-template (=0.2.75)
@asyncapi/go-watermill-template NPM version =0.2.75 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/go-watermill-template and may be impacted: - @asyncapi/server-api >=0.16.0, <=0.16.23 Source cves: unknown CVE Source advisory:...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-cloud-stream-template (=0.13.4)
@asyncapi/java-spring-cloud-stream-template NPM version =0.13.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-cloud-stream-template and may be impacted: - @asyncapi/server-api >=0.16.0, <=0.16.23 Source cves: unknown CVE Source...
@asyncapi/glee (>=0.13.0 <=0.37.9), @asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/markdown-template (=1.6.7)
@asyncapi/markdown-template NPM version =1.6.7 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/markdown-template and may be impacted: - @asyncapi/glee >=0.13.0, <=0.37.9 - @asyncapi/server-api >=0.16.0, <=0.16.23 Source cves: unknown CVE Source advisory:...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/python-paho-template (=0.2.13)
@asyncapi/python-paho-template NPM version =0.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/python-paho-template and may be impacted: - @asyncapi/server-api >=0.16.0, <=0.16.23 Source cves: unknown CVE Source advisory:...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-template (=1.6.0)
@asyncapi/java-spring-template NPM version =1.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-template and may be impacted: - @asyncapi/server-api >=0.16.0, <=0.16.23 Source cves: unknown CVE Source advisory:...
@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-template (=0.2.10)
@asyncapi/java-template NPM version =0.2.10 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-template and may be impacted: - @asyncapi/server-api >=0.16.0, <=0.16.23 Source cves: unknown CVE Source advisory:...
Malicious code in @asyncapi/server-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 228ed250759da1a81a55ea29e65821a583726c0c472d925b0c86d4e44e49e002 The package @asyncapi/server-api was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190801 Malicious code in @asyncapi/server-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 228ed250759da1a81a55ea29e65821a583726c0c472d925b0c86d4e44e49e002 The package @asyncapi/server-api was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198876
Malicious code in @asyncapi/server-api npm...
EUVD-2018-5289
Malware in sbrugna...
EUVD-2021-26228
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-24829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some...
Linux Distros Unpatched Vulnerability : CVE-2019-2993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: C API. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and...
Python A2A Path Traversal Vulnerability
Python A2A is a functional Python library by the individual developer Manoj Desai for implementing Google's A2A protocol. A security vulnerability exists in Python A2A version 0.5.5 and earlier, which stems from a path traversal issue in the function createworkflow in the file...
CVE-2024-3317
An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants...