3 matches found
CVE-2025-22149
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2024-1880
CVE-2024-1880 concerns the significant-gravitas/autogpt project, where the MacOSTTS component (MacOS Text-To-Speech) in the _speech method uses os.system to run the say command with user-supplied text. This allows OS command injection and potential arbitrary code execution when AutoGPT is run wit...
Npm mixme has a denial of service vulnerability
Npm mixme is an application from the American company Npm. It is used to recursively merge multiple objects. The last object takes precedence over previous objects. A security vulnerability exists in Npm mixme version v0.5.0, which can be exploited by an attacker to add or modify properties of an...