52 matches found
Unsafe Dependency Resolution
Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the handling of protocol URLs or command-line options. An attacker can execute arbitrary local code by enticing a user to click a...
Unsafe Dependency Resolution
Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the runWidget function. An attacker can achieve arbitrary code execution by supplying crafted input that exploits path traversal to...
Unsafe Dependency Resolution
Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to improper validation of HTTPS certificates in the parser process. An attacker can inject or modify remote CSS content by performing a man-in-the-middle attack during stylesheet loading over HTTPS...
Unsafe Dependency Resolution
Overview: ironic-python-agent is an Ironic Python Agent Ramdisk. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the grub-install process. An attacker can achieve code execution by providing a malicious partition image that is deployed and subsequently chrooted ...
Unsafe Dependency Resolution
Overview: ironic is OpenStack Bare Metal Provisioning. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the ipmitool process when a non-default configuration enables a console interface. An attacker can execute unauthorized commands by leveraging access to the...
Unsafe Dependency Resolution
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the process that loads environment variables from workspace configuration. An attacker can execute arbitrary code with the privileges of the operator by...
Unsafe Dependency Resolution
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the OpenShell mirror mode that converts untrusted sandbox files into workspace hooks. An attacker can execute arbitrary code on the host system by providi...
Unsafe Dependency Resolution
Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUBTOKEN. Remediation: Upgrade...
Unsafe Dependency Resolution
Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the artifact creation process. An attacker can gain unauthorized access to sensitive credentials by extracting workflow artifacts containing the GITHUBTOKEN. Remediation: Upgrade...
Unsafe Dependency Resolution
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the authentication setup. An attacker can cause untrusted workspace plugins to be auto-enabled by leveraging non-interactive onboarding that selects a...
Unsafe Dependency Resolution
Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Unsafe Dependency Resolution
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution through the channel setup process. An attacker can execute arbitrary code by introducing a malicious workspace plugin that claims a bundled channel id, allowi...
Unsafe Dependency Resolution
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic plugin discovery in .openclaw/extensions/. An attacker can execute arbitrary code by including a malicious plugin in a cloned repository,...
Unsafe Dependency Resolution
Overview: nltk is a Natural Language Toolkit. NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to lack of verification or sandboxing in the StanfordSegmenter module, when unvalidated Java Archive (JAR) files...
Unsafe Dependency Resolution
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the shell-env process. An attacker can execute arbitrary binaries with the privileges of the affected process by influencing the $SHELL environment variab...
Unsafe Dependency Resolution
Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the safeBins process. An attacker can execute arbitrary commands in the application runtime context by placing a malicious binary with the same name as a...
Unsafe Dependency Resolution
Overview: @tygo-van-den-hurk/slyde: Make beautifully animated Slydes and presentations from XML with ease! Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic import process of /.plugin.js,mjs files from dependencies. An attacker can execute...
Unsafe Dependency Resolution
Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the execglobals parameter in the validate endpoint. An attacker can execute arbitrary cod...
Unsafe Dependency Resolution
Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the execglobals parameter in the validate endpoint. An attacker can execute arbitrary code by supplying crafted input to this parameter...
Unsafe Dependency Resolution
Overview: n8n-nodes-base: Base nodes of n8n. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a...