Lucene search
K
GithubMost viewed

33187 matches found

Github Security Blog
Github Security Blog
added 2023/01/05 12:18 p.m.106 views

@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)

Impact The sanitize-svg package uses a deny-list-pattern to sanitize SVGs to prevent cross-site scripting XSS. In doing so, literal -tags and on-event handlers were detected: typescript ... const svgEl = div.firstElementChild! const attributes = Array.fromsvgEl.attributes.map name = name const...

7.6CVSS5.8AI score0.00571EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 2:37 a.m.106 views

phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...

5.9CVSS7.2AI score0.02025EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/30 5:10 p.m.106 views

Directory Traversal in typo3/phar-stream-wrapper

The PharStreamWrapper aka phar-stream-wrapper package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL...

9.8CVSS5.7AI score0.05586EPSS
Exploits0References27Affected Software3
Github Security Blog
Github Security Blog
added 2021/04/30 5:31 p.m.106 views

Uncontrolled Resource Consumption in urllib3

The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...

7.8CVSS7.1AI score0.03288EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/23 4:55 p.m.106 views

Local information disclosure via system temporary directory

Impact Eclipse Jersey 2.28 - 2.33 and Eclipse Jersey 3.0.0 - 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this fil...

6.2CVSS6.6AI score0.00905EPSS
Exploits0References21Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/20 9:21 p.m.106 views

Prototype pollution in gsap

There is a prototype pollution vulnerability in gsap which affects all versions before 3.6.0...

7.5CVSS7.2AI score0.016EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/16 8:7 p.m.106 views

XStream can be used for Remote Code Execution

Impact The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.14. Workarounds No user is affected, who...

9.3CVSS0.7AI score0.85001EPSS
Exploits7References17Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/31 3:59 p.m.106 views

Validation Bypass in kind-of

Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation. Recommendation Upgrade to versions 6.0.3 or later...

7.5CVSS4.9AI score0.02278EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/16 10:46 p.m.106 views

Insufficient Nonce Validation in Eclipse Milo Client

Impact Credential replay affecting those connected to a server when all 3 of the following conditions are met: - SecurityPolicy is None - using username/password or X509-based authentication - the server has a defect causing it to send null/empty or zeroed nonces Patches The problem has been...

7.4CVSS0.5AI score0.01043EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/03 3:32 p.m.106 views

HTTP Response Splitting in Styx

Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...

6.5CVSS0.1AI score0.01162EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/24 5:18 p.m.106 views

Private data exposure via REST API in BuddyPress

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...

8CVSS4.4AI score0.01944EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/08 5:1 p.m.106 views

The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...

6.5CVSS1.8AI score0.02167EPSS
Exploits0References27Affected Software2
Github Security Blog
Github Security Blog
added 2021/08/11 8:11 p.m.105 views

Integer overflow on 32-bit systems

Impact An integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for a...

8.8CVSS2.1AI score0.047EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/06/03 11:41 p.m.106 views

Generation of Error Message Containing Sensitive Information in RESTEasy client

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data...

5.3CVSS5.9AI score0.01211EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2020/09/04 5:57 p.m.105 views

Privilege Escalation in cordova-plugin-inappbrowser

Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android...

9.8CVSS6.2AI score0.0783EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/07 9:11 p.m.105 views

Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper

Impact Information disclosure vulnerability. Allows an attacker to see all Doorkeeper::Application model attribute values including secrets using authorized applications controller if it's enabled GET /oauth/authorizedapplications.json. Patches These versions have the fix: 5.0.3 5.1.1 5.2.5 5.3.2...

7.5CVSS0.2AI score0.02016EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2019/11/22 6:18 p.m.105 views

Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript

Versions of pannellum prior to 2.5.6 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs for data URIs, which may allow attackers to execute arbitrary code in a victim's browser. Recommendation Upgrade to version 2.5.6 or later...

6.1CVSS4.9AI score0.00697EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 6:22 p.m.105 views

In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...

5.5CVSS3.8AI score0.04024EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/20 4:20 p.m.105 views

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Affected versions of mime are vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. Recommendation Update to version 2.0.3 or later...

7.5CVSS7.4AI score0.02051EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:14 p.m.104 views

@babel/core: Arbitrary File Read via sourceMappingURL Comment

Impact Using @babel/core to compile maliciously crafted code can allow ab attacker to read any source map from the system that is running Babel, if these conditions are all true: - the attacker controls the input source code - the attacker can read the output source code - the attacker knows the...

3.6CVSS5.3AI score0.00116EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/24 4:31 p.m.104 views

React Router allows pre-render data spoofing on React-Router framework mode

Summary After some research, it turns out that it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values ​​of the data object passed to the HTML. Latest versions are impacted. Details The vulnerable header i...

8.2CVSS6AI score0.00737EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/21 3:20 p.m.104 views

Authorization Bypass in Next.js Middleware

Impact It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. Patches For Next.js 15.x, this issue is fixed in 15.2.3 For Next.js 14.x, this issue is fixed in 14.2.25 For Next.js 13.x, this issue is fixed in 13.5.9 For Next.js...

9.1CVSS7.5AI score0.99301EPSS
Exploits58References11Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/09 9:14 p.m.104 views

Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS6.8AI score0.02719EPSS
Exploits0References4Affected Software13
Github Security Blog
Github Security Blog
added 2024/06/13 9:31 a.m.104 views

Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS7.4AI score0.99994EPSS
Exploits26References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/04 12:30 p.m.104 views

Withdrawn Advisory: Netty-handler does not validate host names by default

Withdrawn Advisory This advisory has been withdrawn because the underlying vulnerability only concerns Red Hat's Hot Rod client, which is not in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description Netty-handler...

7.4CVSS7.3AI score0.00448EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/01 6:30 p.m.104 views

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Patches: Released in v.0.0.308. numexpr dependency is optional for langchain...

9.8CVSS9.4AI score0.01322EPSS
Exploits1References9Affected Software2
Github Security Blog
Github Security Blog
added 2023/08/05 3:30 a.m.104 views

langchain Code Injection vulnerability

An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,frommathpromptllm.run in the python exec method...

9.8CVSS7.8AI score0.01062EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/10 12:0 a.m.104 views

PDFKit vulnerable to Command Injection

The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized. Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2...

9.8CVSS3.4AI score0.38924EPSS
Exploits11References14Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.104 views

Unrestricted Upload of File with Dangerous Type in Strapi

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

9.8CVSS7AI score0.03018EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.104 views

Arbitrary file upload in Ghost

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file...

9.8CVSS7AI score0.0379EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/09 12:24 a.m.104 views

Reflected XSS in GraphQL Playground

Impact directly impacted: - [email protected] - all unsanitized user input for renderPlaygroundPage all of our consuming packages of graphql-playground-html are impacted: - [email protected] - unsanitized user input to expressPlayground -...

7.4CVSS0.2AI score0.07243EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/19 5:30 p.m.104 views

Cross site scripting vulnerability in ActionView

There is a possible cross site scripting XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS attacks. Impact There is a possible XSS vulnerability in the j and escapejavascript methods in ActionView. These...

4.8CVSS1AI score0.01543EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/13 3:39 p.m.104 views

npm Vulnerable to Global node_modules Binary Overwrite

Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global nodemodules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent...

7.7CVSS2.4AI score0.01984EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/05 7:26 p.m.104 views

A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack

Keepalive thread overload/DoS Impact A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the...

7.5CVSS2.5AI score0.0196EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:11 p.m.104 views

Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details...

8CVSS8AI score0.0213EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 6:28 p.m.104 views

JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

9.8CVSS5.2AI score0.27873EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/01 3:32 p.m.103 views

jrburke requirejs vulnerable to prototype pollution

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts..configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

10CVSS8.1AI score0.00749EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/15 8:44 p.m.103 views

Partial Path Traversal in com.amazonaws:aws-java-sdk-s3

Overview A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1. Applications using the SDK control the destinationDirectory argument, but S3 object keys are determined by the application that uploaded the...

7.9CVSS7.6AI score0.01193EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.103 views

golang.org/x/sys/unix has Incorrect privilege reporting in syscall

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Reporting in syscall. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. Specific Go Packages Affected golang.org/x/sys/unix...

5.3CVSS7.7AI score0.02593EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/05 8:24 p.m.103 views

Buffer Overflow in Pillow

Pillow through 8.2.0 and PIL aka Python Imaging Library through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...

9.8CVSS9.2AI score0.03162EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/13 3:21 p.m.103 views

HTTP Request Smuggling in Apache Tomcat

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5.3CVSS5.9AI score0.75353EPSS
Exploits1References31Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/02 4:55 p.m.103 views

Improper Handling of Length Parameter Inconsistency in Compress

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package...

7.5CVSS7.4AI score0.10901EPSS
Exploits0References24Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 1:57 a.m.103 views

Uncontrolled Resource Consumption in firebase

This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...

5.6CVSS5.4AI score0.00562EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 3:54 p.m.103 views

Authentication bypass in Apache Shiro

Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass...

7.5CVSS1.8AI score0.48019EPSS
Exploits3References18Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:32 p.m.103 views

Cross-site Scripting (XSS) in Django REST Framework

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...

6.1CVSS6AI score0.01286EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/23 8:54 p.m.103 views

Bypass of fix for CVE-2020-15247, Twig sandbox escape

Impact A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide PHP code to be execut...

6.7CVSS1AI score0.00289EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.103 views

jquery-ui Tooltip widget vulnerable to XSS

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS5.7AI score0.06463EPSS
Exploits0References13Affected Software4
Github Security Blog
Github Security Blog
added 2026/01/28 3:38 p.m.102 views

Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...

7.5CVSS5.9AI score0.02499EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/14 9:31 a.m.102 views

Mattermost Desktop App Remote Code Execution

Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...

6.1CVSS7AI score0.003EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/17 9:30 a.m.102 views

Apache Spark vulnerable to Improper Privilege Management

In Apache Spark versions prior to versions 3.4.0 and 3.3.3, applications using spark-submit can specify a proxy-user to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the...

9.9CVSS9.2AI score0.01109EPSS
Exploits0References9Affected Software3
Total number of security vulnerabilities5000