15 matches found
SUSE CVE-2026-21434
webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WT_CLOSE_SESSION capsule containing an excessively large Application Error Message. The implementation...
CVE-2026-25651
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...
client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect
Summary: Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. Vulnerable Code: javascript //...
CVE-2026-25651 client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...
EUVD-2026-5630
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...
PT-2026-6212
Name of the Vulnerable Software and Affected Versions: melange versions 0.3.0 through 0.40.2 Description: melange enables users to create apk packages using declarative pipelines. A security issue exists in versions 0.3.0 through 0.40.2 where an attacker with the ability to supply build input value...
act-workflow (>=4.8.2 <=4.8.399), agent-builder (=0.0.1) +15 more potentially affected by CVE-2024-10940 via langchain-core (>=0.3.0 <=0.3.14)
langchain-core PYPI version =0.3.0, =4.8.2, =0.1.6, =0.3.0, =0.0.4, =0.1.14rc1, =0.1.8rc1, =0.3.0.dev1, =0.1.0, =4.2.1, =0.1.0, =0.4.16, =0.5.69 and more Source cves: CVE-2024-10940 Source advisory: OSV:GHSA-5CHR-FJJV-38QV...
PT-2025-2973 · Unknown · File Gallery
Name of the Vulnerable Software and Affected Versions: files.gallery versions 0.3.0 through 0.11.0 Description: A command injection vulnerability in the video thumbnail rendering component allows remote attackers to execute arbitrary code via a crafted video file. Recommendations: For versions...
emoji security vulnerability
emoji is a simple emoticon from the Denosaurs team that supports the node.js project. A security vulnerability exists in Denosaurs emoji version 0.1.0 up to and including version 0.3.0, which stems from an inefficient second-order polynomial in a regular expression, resulting in a delayed respons...
cy-ioc-finder (>=7.2.3 <=7.2.13), d8s-archives (>=0.2.0 <=0.7.0) +25 more potentially affected by CVE-2022-42039 via d8s-lists (>=0.3.0 <=0.8.0)
d8s-lists PYPI version =0.3.0, =7.2.3, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.6.0, =0.2.0, =0.2.0, =0.2.0, =0.1.2, =0.2.0, =0.6.0 and more Source cves: CVE-2022-42039 Source advisory: OSV:PYSEC-2022-43027...
detect-character-encoding security vulnerability
detect-character-encoding is an open source C++ plugin. A security vulnerability exists in detect-character-encoding 0.3.0 and earlier versions, which is caused by software that does not free allocated memory...
com.boxframework:box-server_2.12 (>=1.2.22 <=1.2.23), com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08) +1 more potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.6.0)
com.softwaremill.akka-http-session:core_2.12 MAVEN version =0.3.0, =1.2.22, =1.1.0-master.51.7b7549c_akka25Circe08, =0.3.0, =0.6.0 Source cves: CVE-2020-28452 Source advisory: SNYK:JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674...
PT-2020-19674 · Confinit · Confinit
Name of the Vulnerable Software and Affected Versions: confinit versions 0.3.0 and earlier Description: The issue concerns Prototype Pollution, where the setDeepProperty function can be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload. This allows for potentia...
DEBIAN-CVE-2017-6836
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file...
DEBIAN-CVE-2012-2671
The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache...