Malicious code in quickwinston (npm)
Source: ossf-package-analysis (304b4e430bff604f20121bc97398fa6ee18a25c16187d31b6553248bc54e63c7). The OpenSSF Package Analysis project identified 'quickwinston' 3.19.3 (npm) as malicious. It is considered malicious because: - The package...
CVE-2026-2266
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scripting via task list content. The task list content extraction logic did not properly re-encode browser-decoded text nodes before rendering, allowing user-supplied HTM...
CVE-2026-3854
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly...
EUVD-2025-6986
Malicious code in bioql (PyPI)...
CVE-2024-6829 Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and run_hash to bypass directory existence checks and...
CVE-2024-6829
CVE-2024-6829 affects aimhubio/aim 3.19.3. The vulnerability arises in tarfile.extractall(), allowing an attacker-controlled tarfile to be extracted to arbitrary locations on the host by manipulating repo.path and run_hash. This bypasses directory existence checks and can result in arbitrary file...
CVE-2024-6483 Arbitrary File/Directory Deletion in aimhubio/aim
A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...
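The two aimhubio/aim advisories above (CVE-2024-6483, arbitrary deletion via run names, and CVE-2024-6829, arbitrary write via tarfile.extractall) share one root cause: a user-controlled name is joined onto a base directory and then used for a filesystem operation without checking that the result still lies inside that directory. The block below is an added example, not Aim project code, showing the containment check once and applying it to both a delete-batch style handler and a tar restore. The directory layout, file names, function names and the in-memory archives are all constructed for the example.

```python
"""Added example (not aimhubio/aim code): containing user-controlled paths.

A run name, run_hash or repo.path value and a tar member name are all
untrusted strings that end up joined onto a base directory. The single
helper resolve_inside() enforces that the joined path stays under the base;
delete_run_files() and safe_extractall() apply it to the two cases in the
advisories above. All names and data here are constructed sample input.
"""
from __future__ import annotations

import io
import os
import tarfile
import tempfile
from pathlib import Path


def resolve_inside(base: Path, untrusted: str) -> Path:
    """Join `untrusted` onto `base`, refusing anything that escapes `base`.

    Absolute inputs are rejected outright (Path.joinpath would discard the
    base), and the joined path is resolved so '..' segments and symlinks are
    collapsed before the containment check.
    """
    if os.path.isabs(untrusted):
        raise ValueError(f"absolute path not allowed: {untrusted!r}")
    base = base.resolve()
    candidate = (base / untrusted).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes {base}: {untrusted!r}") from None
    return candidate


def delete_run_files(repo_dir: Path, run_names: list[str]) -> list[str]:
    """Delete per-run metadata files (the delete-batch pattern).

    Returns the run names whose files were removed. Names that would resolve
    outside <repo_dir>/runs are skipped instead of deleted.
    """
    deleted = []
    for name in run_names:
        try:
            target = resolve_inside(repo_dir / "runs", name)
        except ValueError:
            continue  # traversal attempt: a real service would log and 4xx here
        if target.is_file():
            target.unlink()
            deleted.append(name)
    return deleted


def safe_extractall(archive: tarfile.TarFile, dest: Path) -> list[str]:
    """Extract an archive, raising ValueError on any member that escapes dest.

    Every member name is checked before extraction; link members are refused
    because their targets can escape even when the name itself is clean.
    On interpreters that ship tarfile.data_filter, extraction also passes
    filter="data" as a second layer of defence.
    """
    dest = dest.resolve()
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    extracted = []
    for member in archive.getmembers():
        if member.issym() or member.islnk():
            raise ValueError(f"link member not allowed: {member.name!r}")
        resolve_inside(dest, member.name)  # raises on '..' or absolute names
        archive.extract(member, path=dest, **extract_kwargs)
        extracted.append(member.name)
    return extracted


def build_archive(members: dict[str, bytes]) -> tarfile.TarFile:
    """Construct an in-memory tar with the given member names (sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


def demo() -> dict:
    """Exercise both checks against a constructed repo layout."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        (repo / "runs").mkdir(parents=True)
        (repo / "runs" / "abc123").write_bytes(b"run metadata")
        secret = Path(tmp) / "secret.txt"  # outside the repo; must survive
        secret.write_bytes(b"do not delete")

        deleted = delete_run_files(
            repo, ["abc123", "../../secret.txt", "/etc/hostname"]
        )
        extracted = safe_extractall(
            build_archive({"backup/run.meta": b"ok"}), repo / "restore"
        )
        try:
            safe_extractall(
                build_archive({"../../escaped.txt": b"pwned"}), repo / "restore"
            )
            traversal_rejected = False
        except ValueError:
            traversal_rejected = True

        return {
            "deleted": deleted,
            "secret_survived": secret.exists(),
            "extracted": extracted,
            "traversal_rejected": traversal_rejected,
            "escaped_file_written": (repo / "escaped.txt").exists(),
        }


if __name__ == "__main__":
    print(demo())
```

The check must run on the resolved path, not the raw string: rejecting only the literal substring ".." misses symlinked run directories and encoded variants, which is why resolve_inside() resolves first and compares with relative_to().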
CVE-2025-22777
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP (give) allows Object Injection. This issue affects GiveWP: from n/a through 3.19.3...
CVE-2025-22777
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.19.3...
GHSA-P9F2-JG9W-CX69 Aim Stored Cross-site Scripting Vulnerability
A stored cross-site scripting XSS vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML...
CVE-2024-6578
Stored XSS in aimhubio/aim 3.19.3 affects the logs-tab rendering, where logs are output with React dangerouslySetInnerHTML, allowing injected scripts to execute when a user views logs. Root cause: improper neutralization of input during web page generation. Impact: potential script execution in a...
CVE-2024-6578 Stored XSS in aimhubio/aim
A stored cross-site scripting XSS vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML...
PT-2024-37732 · Aimhubio · Aim
Name of the Vulnerable Software and Affected Versions: aimhubio/aim version 3.19.3 Description: A stored cross-site scripting XSS issue exists due to the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed usin...
Aim cross-site scripting vulnerability
Aim is an easy-to-use, high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.19.3 has a cross-site scripting vulnerability caused by improper neutralization of input during web page generation, which makes it susceptible to cross-site...
PT-2024-37593 · Aimhubio · Aim
Name of the Vulnerable Software and Affected Versions: aimhubio/aim version 3.19.3 Description: The issue arises from improper handling of the run hash and repo.path parameters in the backup run function, allowing remote attackers to manipulate these parameters and create or write to arbitrary fi...
Aim security vulnerability
Aim is an easy-to-use, high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.19.3 has a security vulnerability caused by a flawed backup_run function in the remote tracking server that allows an attacker to overwrite arbitrary files and steal arbitrary data...