5 matches found
1byte-react-design (>=1.7.1 <=1.14.0), 1g6table (=0.1.0) +1601 more potentially affected by unknown CVE via @antv/event-emitter (=0.1.3)
@antv/event-emitter NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/event-emitter and may be impacted: - 1byte-react-design =1.7.1, =1.1.0, =1.0.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.0.9, =0.1.2, =1.1.43, =0.9.1, =5.0.48,...
@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +312 more potentially affected by unknown CVE via @antv/g-device-api (=1.6.13)
@antv/g-device-api NPM version =1.6.13 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-device-api and may be impacted: - @action.sustainability/storybook-dashboard =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.0.17-beta.1, =0.0.1-beta.2, =0.1.0,...
Cross-site Scripting (XSS)
Overview @fluentui/react-charts is a React web chart controls for Microsoft fluentui v9 system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsecured SVG attribute spreading in the CartesianChart, Legend Shape renderer, and LineChart event annotation Textb...
@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +330 more potentially affected by CVE-2023-48219 via tinymce (>=4.5.1 <=5.10.8)
tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-48219 Source advisory: OSV:GHSA-V626-R774-J7F8...
PT-2020-15029 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.13 Description: The Charts and Query View of the old Flask-admin based UI in Apache Airflow were vulnerable to a Server-Side Request Forgery SSRF attack. Recommendations: For versions prior to 1.10.13,...