CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

go-ipld-prime 安全漏洞

go-ipld-prime is an implementation of the IPLD open-source specification interface. Versions of go-ipld-prime prior to 0.22.0 contained security vulnerabilities. These vulnerabilities stemmed from the DAG-CBOR decoder using the set size declared in the CBOR header as a hint for Go’s pre-allocatio...

PrivateBin is missing HTML sanitization of attached filename in file size hint

We’ve identified an HTML injection/XSS vulnerability in PrivateBin service that allows the injection of arbitrary HTML markup via the attached filename. Below are the technical details, PoC, reproduction steps, impact, and mitigation recommendations. Recommend action: As the vulnerability has bee...

PT-2021-18552 · Unknown · Stackvector

Name of the Vulnerable Software and Affected Versions: stackvector crate through 2021-02-19 Description: The issue is related to an out-of-bounds write in StackVec::extend when size hint provides certain anomalous data. Specifically, if the size hint implementation returns a lower bound that is...