4 matches found
CVE-2026-59948
CVE-2026-59948 affects Composer (PHP dependency manager). A malicious package from an untrusted repo (not Packagist.org/Private Packagist) with an invalid name could cause install/update to write attacker-controlled files outside the vendor directory and project. Root cause: failure to validate t...
@tinacms/app (>=0.0.0-0b7103c-20251216023146 <=2.3.25), @tinacms/cli (>=0.0.0-0b7103c-20251216023146 <=2.1.6) +4 more potentially affected by CVE-2026-28791 via @tinacms/graphql (>=2.0.0 <=2.1.2)
@tinacms/graphql NPM version =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =0.0.0-0b7103c-20251216023146, =3.5.0 Source cves: CVE-2026-28791 Source advisory: SNYK:JS-TINACMSGRAPHQL-15518326...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4761 more potentially affected by CVE-2021-37673 via tensorflow (>=1.0.1 <=2.3.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-37673 Source advisory: OSV:GHSA-278G-RQ84-9HMG...
1st-project (=1.0.2), @142vip/egg-sequelize (>=0.0.1 <=0.0.2) +1065 more potentially affected by CVE-2019-10748 via sequelize (>=5.10.0 <=5.8.10)
sequelize NPM version =5.10.0, =0.0.1, =0.5.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.1, =1.0.0, =0.2.0, =1.0.1, =1.0.2 - @aica/js-app =1.0.1 and more Source cves: CVE-2019-10748 Source advisory: OSV:GHSA-J9XP-92VC-559J...