Lucene search
K
GithubMost viewed

33181 matches found

Github Security Blog
Github Security Blog
added 2023/06/29 3:2 p.m.615 views

SafeURL-Python's hostname blocklist does not block FQDNs

Description If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host e.g. adding . to the end. Impact The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library us...

6.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/05 10:9 p.m.604 views

Remote code execution in PHPMailer

Impact The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in...

9.8CVSS2AI score0.98038EPSS
Exploits19References16Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/16 12:0 a.m.579 views

Angular (deprecated package) Cross-site Scripting

All versions of package angular are vulnerable to Cross-site Scripting XSS due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements. NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained packag...

6.1CVSS5.9AI score0.05276EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.566 views

Deeply nested json in jackson-databind

jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects...

7.5CVSS8AI score0.0486EPSS
Exploits1References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/10 12:40 a.m.555 views

Remote code injection in Log4j

Summary Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per Apache's Log4j security guide: Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and...

10CVSS10AI score0.99999EPSS
Exploits351References75Affected Software5
Github Security Blog
Github Security Blog
added 2024/01/19 3:6 p.m.550 views

Marvin Attack of RSA and RSAOAEP decryption in jsrsasign

Impact RSA PKCS1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability. Patches update to jsrsasign 11.0.0. Workarounds Find and replace RSA and RSAOAEP decryption with other crypto library. References https://people.redhat.com/hkario/marvin/...

7.5CVSS7.1AI score0.0096EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/25 6:42 p.m.543 views

Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy

Impact What kind of vulnerability is it? Who is impacted? For users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for .example.com, the intention is that...

6.1CVSS0.1AI score0.01353EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2022/04/04 9:25 p.m.538 views

Path Traversal: 'dir/../../filename' in moment.locale

Impact This vulnerability impacts npm server users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale. Patches This problem is patched in 2.29.2, and the patch can be applied to all affected versions from 1.0.1 up until 2.29.1, inclusive...

7.5CVSS6.5AI score0.05664EPSS
Exploits0References12Affected Software2
Github Security Blog
Github Security Blog
added 2025/12/30 3:22 p.m.536 views

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling to operator.methodcaller function in reduce method - Then when...

7.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/01 6:30 a.m.530 views

tough-cookie Prototype Pollution vulnerability

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

9.8CVSS6.8AI score0.02542EPSS
Exploits2References10Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 5:15 p.m.526 views

Uncontrolled Resource Consumption in ansi-html

This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...

7.5CVSS5.4AI score0.01981EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 12:1 a.m.509 views

Prototype Pollution in minimist

Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95...

9.8CVSS3.7AI score0.04581EPSS
Exploits1References15Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/22 8:54 p.m.509 views

Bootstrap Vulnerable to Cross-Site Scripting

Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting XSS. The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. Recommendation For bootstrap 4.x upgrade to...

6.1CVSS6.5AI score0.1686EPSS
Exploits1References44Affected Software7
Github Security Blog
Github Security Blog
added 2020/08/05 9:47 p.m.505 views

XSS via JQLite DOM manipulation functions in AngularJS

Summary XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element. Description JQLite DOM manipulation library...

5.9AI score
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/03 6:16 p.m.505 views

Withdrawn

Withdrawn: duplicate of GHSA-wjr4-2jgw-hmv8...

1.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/17 7:9 p.m.501 views

ws affected by a DoS when handling a request with many HTTP headers

Impact A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept js const http = require'http'; const WebSocket = require'ws'; const wss = new WebSocket.Server port: 0 , function const chars =...

7.5CVSS6.8AI score0.01357EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/03 11:40 p.m.494 views

Cross-site scripting in Apache HttpClient

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3CVSS2AI score0.08665EPSS
Exploits1References65Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/10 11:38 p.m.484 views

Arbitrary code execution in Apache Commons BeanUtils

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

7.5CVSS9.1AI score0.96121EPSS
Exploits4References155Affected Software1
Github Security Blog
Github Security Blog
added 2018/09/13 3:49 p.m.484 views

Bootstrap Cross-site Scripting vulnerability

In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042...

6.1CVSS6.3AI score0.04293EPSS
Exploits1References23Affected Software6
Github Security Blog
Github Security Blog
added 2021/05/06 4:5 p.m.483 views

Command Injection in lodash

lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...

7.2CVSS5.1AI score0.2241EPSS
Exploits2References17Affected Software5
Github Security Blog
Github Security Blog
added 2020/04/03 9:48 p.m.482 views

Regular Expression Denial of Service in Acorn

Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes...

4.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/26 2:55 p.m.479 views

XSS in the `altField` option of the Datepicker widget in jquery-ui

Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed...

6.5CVSS2.1AI score0.42229EPSS
Exploits1References24Affected Software4
Github Security Blog
Github Security Blog
added 2022/09/23 4:32 p.m.468 views

Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles

A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release 18.0.1. The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the default roles functionality...

3.8CVSS1.7AI score0.00572EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/28 11:28 p.m.466 views

Marvin Attack: potential key recovery through timing sidechannels

The Marvin Attack is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed withthe private key. A recent survey of RSA implementations found that the Rust rsa...

7AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/06 6:3 p.m.464 views

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

Summary Any files ending with .map even out side the project can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - have a sensitive content in files...

6.3CVSS5.9AI score0.00914EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/11/11 3:54 p.m.464 views

MoinMoin vulnerable to remote code execution via cache action

Impact The cache action in action/cache.py allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. Patches Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the...

9.8CVSS9.5AI score0.06121EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/15 7:15 p.m.451 views

Prototype Pollution in lodash

Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires...

7.4CVSS7.4AI score0.05213EPSS
Exploits1References12Affected Software8
Github Security Blog
Github Security Blog
added 2022/01/10 5:29 p.m.441 views

Infinite loop causing Denial of Service in colors

colors is a library for including colored text in node.js consoles. Between 07 and 09 January 2022, colors versions 1.4.1, 1.4.2, and 1.4.44-liberty-2 were published including malicious code that caused a Denial of Service due to an infinite loop. Software dependent on these versions experienced...

2.6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/09 5:35 p.m.428 views

Path Traversal in pip

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py. ...

7.5CVSS3.7AI score0.03028EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2019/06/04 8:14 p.m.427 views

Code Injection in js-yaml

Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load function may execute arbitrary code injected through a malicious YAML file. Objects that have toString as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code...

4.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:8 p.m.423 views

Server side request forgery in SwaggerUI

SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered...

6.1CVSS0.1AI score0.04881EPSS
Exploits1References5Affected Software4
Github Security Blog
Github Security Blog
added 2021/02/18 8:51 p.m.419 views

XML External Entity (XXE) Injection in Jackson Databind

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity...

7.5CVSS7.6AI score0.17611EPSS
Exploits0References75Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/08 6:54 p.m.416 views

Improper Validation of Certificate with Host Mismatch in Java-WebSocket

The Java-WebSocket Client does not perform hostname verification. - This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle MITM attack between a Java application using the Java-WebSocke...

9CVSS0.5AI score0.00771EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:18 p.m.415 views

Improper Neutralization of Special Elements used in a Command in Shell-quote

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS9.6AI score0.0434EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/30 4:12 p.m.415 views

Unauthenticated SQL Injection in Cachet

Impact In Cachet versions through 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. Patches The original reposito...

8.1CVSS7.6AI score0.09752EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/28 2:1 a.m.411 views

jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

Summary The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and...

6AI score
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2018/09/13 3:50 p.m.411 views

Bootstrap Cross-site Scripting vulnerability

In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...

6.1CVSS6.4AI score0.04009EPSS
Exploits1References24Affected Software5
Github Security Blog
Github Security Blog
added 2018/08/23 7:12 p.m.411 views

Electron webPreferences vulnerability can be used to perform remote code execution

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a webPreferences vulnerability that can be leveraged to perform remote code execution. More information to determine if yo...

8.1CVSS2.3AI score0.10427EPSS
Exploits4References10Affected Software1
Github Security Blog
Github Security Blog
added 2019/12/02 6:20 p.m.409 views

Strapi allows unauthenticated attacker to reset admin password without valid reset token

Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin's password without providing a valid password reset token. Recommendation Upgrade to version 3.0.0-beta.17.5 or later...

9.8CVSS5.4AI score0.97639EPSS
Exploits13References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/12 4:28 p.m.407 views

Drupal core Unrestricted Upload of File with Dangerous Type

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

8.8CVSS8.4AI score0.04269EPSS
Exploits0References10Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/09 6:29 p.m.403 views

Out of bounds read in Tensorflow

Impact The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read: python import tensorflow as tf @tf.function def test: y = tf.rawops.ReverseSequence input = 'aaa','bbb', seqlengths = 1,1,1, seqdim = -10, batchdim = -...

8.1CVSS0.8AI score0.01125EPSS
Exploits1References8Affected Software3
Github Security Blog
Github Security Blog
added 2022/04/22 8:49 p.m.398 views

NextAuth.js default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. We recommend upgrading to v4 in most cases. See our migration guide.next-auth v4 users before version 4.3.2 are impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a...

6.1CVSS3.3AI score0.0076EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/07 4:32 p.m.396 views

CKEditor 4.0 vulnerability in the HTML Data Processor

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

6.1CVSS5.5AI score0.04327EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/28 11:28 p.m.395 views

Marvin Attack: potential key recovery through timing sidechannels

Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches No patch is yet available, however work is underway to migrate...

5.9CVSS6.3AI score0.00605EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/03 12:0 a.m.395 views

Open redirect in caddy

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links...

6.1CVSS6.5AI score0.00983EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2023/03/30 8:20 p.m.391 views

runc AppArmor bypass with symlinked /proc

Impact It was found that AppArmor, and potentially SELinux, can be bypassed when /proc inside the container is symlinked with a specific mount configuration. Patches Fixed in runc v1.1.5, by prohibiting symlinked /proc: https://github.com/opencontainers/runc/pull/3785 This PR fixes CVE-2023-27561...

7.8CVSS6.8AI score0.00343EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/04 9:37 p.m.390 views

SnakeYAML Entity Expansion during load operation

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

7.5CVSS7AI score0.26723EPSS
Exploits1References63Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:7 a.m.388 views

Bootstrap vulnerable to Cross-Site Scripting (XSS)

In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute...

6.1CVSS6.1AI score0.04135EPSS
Exploits1References29Affected Software5
Github Security Blog
Github Security Blog
added 2020/12/17 9:0 p.m.388 views

datatables.net vulnerable to Prototype Pollution due to incomplete fix

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806...

7.5CVSS7.2AI score0.0367EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/11 12:13 a.m.387 views

Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service

This advisory is withdawn. cacheable-request depends on http-cache-semanttics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7. Summary of http-cache-semantics...

3.4AI score
Exploits0References4Affected Software1
Total number of security vulnerabilities5000