110881 matches found
@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/flightplan (>=0.3.3 <=0.5.1)
@squawk/flightplan NPM version =0.3.3, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKFLIGHTPLAN-16640877...
@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/fixes (>=0.1.4 <=0.3.1)
@squawk/fixes NPM version =0.1.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKFIXES-16640881...
@squawk/airports (>=0.2.0 <=0.6.1), @squawk/airspace (>=0.2.3 <=0.8.0) +7 more potentially affected by unknown CVE via @squawk/units (=0.4.2)
@squawk/units NPM version =0.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/units and may be impacted: - @squawk/airports =0.2.0, =0.2.3, =0.2.0, =0.1.0, =0.2.0, =0.3.0, =0.2.0, =0.2.0, =0.2.0, =0.4.1 Source cves: unknown CVE Source...
@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airspace (>=0.4.1 <=0.8.0)
@squawk/airspace NPM version =0.4.1, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRSPACE-16640892...
@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/procedures (>=0.2.4 <=0.5.1)
@squawk/procedures NPM version =0.2.4, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKPROCEDURES-16640885...
@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/airports (>=0.3.2 <=0.6.1)
@squawk/airports NPM version =0.3.2, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKAIRPORTS-16640888...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
GHSA-WXX8-76RW-96J2
creationtimestamp| type| source
---|---|---
2026-05-11 20:29:17+00:00| seen| https://gist.github.com/tw89Coder/cd011dc1842625f821c171e41e812fbc...
GHSA-Q9FQ-3RX9-7XCV
creationtimestamp| type| source
---|---|---
2026-05-11 20:29:17+00:00| seen| https://gist.github.com/tw89Coder/cd011dc1842625f821c171e41e812fbc...
CVE-2026-44905
creationtimestamp| type| source
---|---|---
2026-05-11 20:29:17+00:00| seen| https://gist.github.com/tw89Coder/cd011dc1842625f821c171e41e812fbc
2026-05-26 23:00:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mms3violnv2e
2026-05-27 01:13:40+00:00| seen|...
CVE-2026-43988
creationtimestamp| type| source
---|---|---
2026-05-11 20:29:17+00:00| seen| https://gist.github.com/tw89Coder/cd011dc1842625f821c171e41e812fbc
2026-05-27 04:01:17+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmsmovh4ot2z...
CVE-2026-45223
creationtimestamp| type| source
---|---|---
2026-05-11 20:02:09+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlm2wduquj2k
2026-05-11 20:30:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlm4jgz6l62e...
CVE-2026-45671
creationtimestamp| type| source
---|---|---
2026-05-11 19:46:11+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-26g9-27vm-x3q8
2026-05-16 10:00:04+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlxlm7v57a2n...
CVE-2026-5266
creationtimestamp| type| source
---|---|---
2026-05-11 19:40:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllzp7kxcx2k
2026-05-11 19:40:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllzp7kxcx2k...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the bugreportpage.php process when cloning an issue from a different project, due to improper escaping of the source project name. An attacker with sufficient...
CVE-2026-44996
creationtimestamp| type| source
---|---|---
2026-05-11 19:07:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllxu2s6ga2c
2026-05-11 19:07:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllxu2s6ga2c...
CVE-2026-45667
creationtimestamp| type| source
---|---|---
2026-05-11 19:07:10+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-m69w-p7m4-585j
2026-05-16 00:24:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlwlgnytx32i...
CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
CVE-2026-45002
creationtimestamp| type| source
---|---|---
2026-05-11 18:55:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllx7csja72h...