Lucene search
K

23 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/09 10:48 p.m.3 views

CVE-2026-30916

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the software behavior described did not falls within the project's threat model. See https://github.com/github/advisory-database/pull/7206 for more information...

5.8AI score0.00052EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/03/07 2:31 a.m.7 views

@coder/cmux (>=0.3.0-next.64.g5f200a6 <=0.5.1-next.10.g83f9dd4), @dccxx/auggie-shell-mcp (>=1.0.6 <=1.0.29) +14 more potentially affected by CVE-2026-30916 via shescape (>=2.1.0 <=2.1.6)

shescape NPM version =2.1.0, =0.3.0-next.64.g5f200a6, =1.0.6, =0.1.0, =0.9.22, =2.6.0, =2.0.0, =1.1.0, =0.1.24, =0.5.1-next.11.g2647a3c, =0.3.0, =8.0.0, =6.0.0, =4.0.0, =3.0.0, =3.2.1 and more Source cves: CVE-2026-30916 Source advisory: SNYK:JS-SHESCAPE-15440479...

5.7AI score0.00052EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.9 views

CVE-2023-40185

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping or quoting for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expecte...

8.6CVSS6.8AI score0.00556EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.9 views

CVE-2022-31179

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by...

9.8CVSS7.1AI score0.011EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0648

Malware in sbrugna...

7.8CVSS7.5AI score0.00573EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-2309

Malicious code in bioql PyPI...

8.6CVSS8.5AI score0.00556EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-38826

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01138EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-7081

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01246EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/22 11:10 p.m.9 views

CVE-2022-36064

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...

7.5CVSS6.7AI score0.01138EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/27 11:44 p.m.13 views

CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

5.9CVSS6.7AI score0.0018EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/03/26 2:54 p.m.7 views

@clevercanyon/madrun (>=1.0.0 <=1.0.1), @coder/cmux (>=0.3.0-next.64.g5f200a6 <=0.5.1-next.10.g83f9dd4) +19 more potentially affected by CVE-2025-30222 via shescape (>=1.7.4 <=2.1.12)

shescape NPM version =1.7.4, =1.0.0, =0.3.0-next.64.g5f200a6, =1.0.6, =0.1.0, =0.9.22, =1.1.0, =0.1.2, =1.0.0, =0.1.24, =1.0.0, =1.5.1, =1.5.3 and more Source cves: CVE-2025-30222 Source advisory: OSV:GHSA-66PP-5P9W-Q87J...

5.9CVSS5.7AI score0.0018EPSS
Exploits0
OSV
OSV
added 2025/03/26 2:54 p.m.7 views

GHSA-66PP-5P9W-Q87J Shescape has potential environment variable exposure on Windows with CMD

Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...

5.9CVSS6.3AI score0.0018EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/03/26 2:54 p.m.11 views

Shescape has potential environment variable exposure on Windows with CMD

Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...

5.9CVSS7AI score0.0018EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/03/25 11:15 p.m.17 views

CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

5.9CVSS0.0018EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/25 11:0 p.m.5 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

5.9CVSS7AI score0.0018EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/08/22 6:0 p.m.5 views

@adobe/git-server (>=1.0.1 <=1.0.5), @adobe/helix-cli (>=5.7.7 <=6.1.0) +21 more potentially affected by CVE-2023-40185 via shescape (>=1.6.1 <=1.6.6)

shescape NPM version =1.6.1, =1.0.1, =5.7.7, =2.16.1, =0.1.3, =0.0.7, =0.1.0, =2.3.2, =2.3.2, =2.3.2, =2.3.3 and more Source cves: CVE-2023-40185 Source advisory: OSV:GHSA-J55R-787P-M549...

8.6CVSS7.2AI score0.00556EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/06/22 8:1 p.m.6 views

@adobe/git-server (>=1.0.1 <=1.0.5), @adobe/helix-cli (>=5.7.7 <=6.1.0) +21 more potentially affected by CVE-2023-35931 via shescape (>=1.6.1 <=1.6.6)

shescape NPM version =1.6.1, =1.0.1, =5.7.7, =2.16.1, =0.1.3, =0.0.7, =0.1.0, =2.3.2, =2.3.2, =2.3.2, =2.3.3 and more Source cves: CVE-2023-35931 Source advisory: OSV:GHSA-3G7P-8QHX-MC8R...

4.3CVSS5.8AI score0.00811EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.3 views

PT-2022-17604 · Shescape · Shescape

Name of the Vulnerable Software and Affected Versions: shescape versions 1.5.10 through 1.6.1 Description: The issue is related to a Regular Expression Denial of Service ReDoS vulnerability via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. This...

7.5CVSS7.3AI score0.01246EPSS
Exploits1References11
OSV
OSV
added 2022/07/15 9:39 p.m.24 views

GHSA-JJC5-FP7P-6F8W Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD

Impact This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character '\n' in the payload. Example: javascript import cp from "node:childprocess"; import as shescape from...

8.1CVSS8.8AI score0.011EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/07/15 12:0 a.m.7 views

PT-2022-20591 · Shescape · Shescape

Name of the Vulnerable Software and Affected Versions: Shescape versions prior to 1.5.8 Description: The issue impacts users of Shescape who use any API function to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character...

9.8CVSS9.6AI score0.011EPSS
Exploits1References9
Rows per page
Query Builder