13 matches found
@clerk/chrome-extension (>=3.0.0 <=3.1.25-canary.v20260508190534), @clerk/expo (>=3.0.0 <=3.2.11-canary.v20260508190534) +3 more potentially affected by CVE-2026-42349 via @clerk/clerk-js (>=6.0.1-canary.v20260303211310 <=6.7.5-snapshot.v20260421194054)
@clerk/clerk-js NPM version =6.0.1-canary.v20260303211310, =3.0.0, =3.0.0, =0.2.13, =0.2.0, =0.8.3 - tauri-plugin-clerk =0.1.1 Source cves: CVE-2026-42349 Source advisory: SNYK:JS-CLERKCLERKJS-16347748...
EUVD-2025-28983
Malicious code in bioql PyPI...
CVE-2025-59053
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...
CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...
GHSA-C9PR-Q8GX-3MGP Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Impact The Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...
CVE-2025-31477 Improper Scope Validation in the open Endpoint of tauri-plugin-shell
The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was...
CVE-2025-31477 Improper Scope Validation in the open Endpoint of tauri-plugin-shell
The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener e.g. xdg-open on Linux. This was...
Malicious code in tauri-plugin-autostart-api (npm)
Source: ghsa-malware b142e694f8cc092c192ccd1c5256735955990e191b4b413415a7304ea45c582c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11180 Malicious code in tauri-plugin-autostart-api (npm)
Source: ghsa-malware b142e694f8cc092c192ccd1c5256735955990e191b4b413415a7304ea45c582c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tauri-plugin-sql-api (npm)
MAL-2024-3081 Malicious code in tauri-plugin-sql-api (npm)
tauri-plugin-fs (>=2.0.0-alpha.0 <=2.0.0-alpha.2) potentially affected by CVE-2022-46171 via tauri (=2.0.0-alpha.15)
tauri CARGO version =2.0.0-alpha.15 is affected by a known vulnerability. The following packages have a transitive dependency on tauri and may be impacted: - tauri-plugin-fs =2.0.0-alpha.0, =2.0.0-alpha.2 Source cves: CVE-2022-46171 Source advisory: OSV:GHSA-6MV3-WM7J-H4W5...