GHSA-CH57-39Q2-4CRM malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

EUVD-2026-32624

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVE-2026-45046 Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)

Impact On April 29, 2026, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that...

GHSA-PVW4-CVR4-97P8 Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)

Impact On April 29, 2026, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that...

Astra Linux - уязвимость в sqlite3

SQLite version 3.32.0 has an integer overflow issue in the sqlite3strvappendf function within printf.c...

Astra Linux - уязвимость в sqlite3

SQLite 3.30.1 improperly handles pExpr-y.pTab, as demonstrated by the TKCOLUMN case in sqlite3ExprCodeTarget in expr.c...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite file in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has...

Astra Linux - уязвимость в sqlite3

SQLite 3.30.1 improperly handles certain SELECT statements involving a non-existent VIEW, resulting in an application crash...

Astra Linux - уязвимость в sqlite3

The zipfileUpdate function in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during the update of a ZIP archive...

Astra Linux - уязвимость в sqlite3

The flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN where the right-hand side is a view. This can lead to a NULL pointer dereference or incorrect results...

Astra Linux - уязвимость в sqlite3

SQLite version 3.31.1 allows attackers to cause a denial of service segmentation fault through a malformed window-function query, due to improper handling of the initialization of the AggInfo object...

Astra Linux - уязвимость в exim4

Exim 4.98 before 4.98.1 allowed remote SQL injection when SQLite hints and ETRN serialization were used. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...

Astra Linux - уязвимость в sqlite3

In SQlite 3.31.1, a potential null pointer derefrence was detected during the INTERSEC query processing...

Astra Linux - уязвимость в sqlite3

SQLite version 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c...

Astra Linux - уязвимость в sqlite3

SQLite 3.30.1 improperly handles certain parser-tree rewrites, related to files expr.c, vdbeaux.c, and window.c. This issue is caused by incorrect error handling in the sqlite3WindowRewrite function...

PT-2026-42206

Impact On April 29, 2026, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that...

Diesel: Possible unaligned data access for implementations of `SqliteAggregate`

Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface. To store an instance of the custom aggregate processor Diesel relied on the sqlite3aggregatecontext function provided by sqlite. This function doesn't provide any guarantees about alignment of t...

GHSA-Q8X8-JRHJ-FH9P Diesel: Possible unaligned data access for implementations of `SqliteAggregate`

Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface. To store an instance of the custom aggregate processor Diesel relied on the sqlite3aggregatecontext function provided by sqlite. This function doesn't provide any guarantees about alignment of t...