12 matches found
PT-2026-42032
CVE-2026-45799 Maintainer summary: Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...
Deserialization of Untrusted Data
Overview react-server-dom-parcel provides React Server Components bindings for the DOM using Parcel. It is intended to be integrated into meta-frameworks, not imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe...
HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors
out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...
EUVD-2025-27629
Malicious code in bioql PyPI...
GHSA-33VC-WFWW-VJFV jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
Vulnerability in jsondiffpatch: Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting (XSS) in HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...
CVE-2025-9910
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...
CVE-2025-9910
CVE-2025-9910 (jsondiffpatch) affects versions prior to 0.7.2 of jsondiffpatch, where HtmlFormatter::nodeBegin can be exploited to inject HTML/JS (XSS) that may enable code execution if untrusted payloads are diffed and rendered with the built-in HTML formatter on a private website. The entry not...
libthrift: potential DoS when processing untrusted payloads
A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...
Cross-site Scripting (XSS)
Overview org.webjars.npm:jsondiffpatch is a JSON diff & patch library (object and array diff, text diff, multiple output formats). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may...
PT-2016-3293
Name of the Vulnerable Software and Affected Versions: bzip2 versions 1.0.6 and earlier. Description: The issue is related to an out-of-bounds write in the BZ2 decompress function in decompress.c when there are many selectors. This can lead to memory corruption, resulting in a denial of service and/...