126 matches found
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by...
io.javalin.community.openapi:javalin-redoc-plugin (>=5.0.0 <=5.2.0), io.javalin.community.openapi:openapi-test (>=5.0.0 <=5.0.1) +12 more potentially affected by CVE-2026-41239 via org.webjars.npm:dompurify (>=2.5.8 <=3.3.0)
org.webjars.npm:dompurify MAVEN version =2.5.8, =5.0.0, =5.0.0, =1.96.0, =1.0.0, =1.0.0, =14.3.0, =0.54.0, =2.0.0, =3.1.1, =3.1.3, =3.2.2 - org.webjars.npm:tui-calendar =1.15.3 Source cves: CVE-2026-41239 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16131136...
org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41672 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)
org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41672 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16133135...
org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +8 more potentially affected by CVE-2026-41242 via org.webjars.npm:protobufjs (>=6.8.8 <=8.0.0)
org.webjars.npm:protobufjs MAVEN version =6.8.8, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.7.3, =0.7.13, =0.7.15 Source cves: CVE-2026-41242 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16094666...
com.graphhopper:graphhopper-web-bundle (>=3.0 <=client_hc_no_vehicle), org.webjars.npm:geobuf (=3.0.2) +15 more potentially affected by CVE-2026-5758 via org.webjars.npm:protocol-buffers-schema (=3.6.0)
org.webjars.npm:protocol-buffers-schema MAVEN version =3.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:protocol-buffers-schema and may be impacted: - com.graphhopper:graphhopper-web-bundle =3.0, =1.10.1, =6.1.0, =10.6.0, =1.3.5,...
net.enilink.platform:net.enilink.platform.web (=1.6.0), org.webjars.npm:formio__core (=2.6.0) +1 more potentially affected by unknown CVE via org.webjars.npm:dompurify (>=3.1.7 <=3.3.0)
org.webjars.npm:dompurify MAVEN version =3.1.7, =0.54.0, =0.55.1 Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15874906...
com.newmediaworks:nmw-oss-website (>=1.7.0 <=1.11.0), com.pragmatickm:website (>=1.10.0 <=2.0.0) +102 more potentially affected by CVE-2025-13465 +1 more via org.webjars.npm:lodash (>=4.0.0 <=4.17.5)
org.webjars.npm:lodash MAVEN version =4.0.0, =1.7.0, =1.10.0, =1.11.0, =1.7.0, =1.6.1, =1.11.0, =1.13.0, =1.0, =1.0, =1.0, =1.2.0, =3.5.0, =3.5.0, =3.5.0, =3.12.0 and more Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869623...
com.newmediaworks:nmw-oss-website (>=1.7.0 <=1.11.0), com.pragmatickm:website (>=1.10.0 <=2.0.0) +102 more potentially affected by CVE-2021-23337 +1 more via org.webjars.npm:lodash (>=4.0.0 <=4.17.5)
org.webjars.npm:lodash MAVEN version =4.0.0, =1.7.0, =1.10.0, =1.11.0, =1.7.0, =1.6.1, =1.11.0, =1.13.0, =1.0, =1.0, =1.0, =1.2.0, =3.5.0, =3.5.0, =3.5.0, =3.12.0 and more Source cves: CVE-2021-23337, CVE-2026-4800 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869630...
org.webjars.npm:autolinker (>=0.24.1 <=0.28.1), org.webjars.npm:github-com-mattslocum-ng-webworker (=0.2.3) +10 more potentially affected by CVE-2021-23337 +1 more via org.webjars.npm:lodash.template (=4.5.0)
org.webjars.npm:lodash.template MAVEN version =4.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:lodash.template and may be impacted: - org.webjars.npm:autolinker =0.24.1, =2.9.0, =1.8.12, =3.5.0, =2.3.4, =2.5.17-beta.0 -...
org.webjars.npm:angular-tree-component (>=3.2.3 <=3.7.2), org.webjars.npm:chevrotain (>=11.0.3 <=11.1.2) +72 more potentially affected by CVE-2021-23337 +1 more via org.webjars.npm:lodash-es (>=4.17.21 <=4.17.4)
org.webjars.npm:lodash-es MAVEN version =4.17.21, =3.2.3, =11.0.3, =11.0.3, =11.0.3, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =44.1.0, =39.0.1, =44.3.0 and more Source cves: CVE-2021-23337, CVE-2026-4800 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869632...
org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by unknown CVE via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)
org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15813032...
org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33941 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)
org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33941 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15807041...
org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33940 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)
org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33940 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15803087...
org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33937 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)
org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33937 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15803085...
org.webjars.npm:compression-webpack-plugin (=7.1.1), org.webjars.npm:copy-webpack-plugin (>=4.3.1 <=4.6.0) +9 more potentially affected by CVE-2026-34043 via org.webjars.npm:serialize-javascript (>=1.9.1 <=6.0.2)
org.webjars.npm:serialize-javascript MAVEN version =1.9.1, =4.3.1, =5.2.0, =1.1.6, =2.3.4, =2.5.17-beta.0 Source cves: CVE-2026-34043 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15809197...
org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33916 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)
org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33916 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789776...
org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33896 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)
org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33896 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789772...
org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33894 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)
org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33894 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789774...
org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33891 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)
org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33891 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789770...
com.gitee.zodiacstack.base:zodiac-base-sdk-net (=1.7.1), com.matecoder:juggle-core (>=1.6.0 <=1.6.1) +27 more potentially affected by CVE-2026-33750 via org.webjars.npm:brace-expansion (=2.0.2)
org.webjars.npm:brace-expansion MAVEN version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:brace-expansion and may be impacted: - com.gitee.zodiacstack.base:zodiac-base-sdk-net =1.7.1 - com.matecoder:juggle-core =1.6.0, =5.0.0...