Lucene search
K
GithubRecent

33187 matches found

Github Security Blog
Github Security Blog
added 2026/03/25 9:17 p.m.7 views

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

Summary When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will...

6.5CVSS5.9AI score0.0033EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:14 p.m.9 views

Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

Summary The migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trello migration, file attachment URLs from the third-party API response are passed...

6.4CVSS6AI score0.00272EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:13 p.m.21 views

Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

Impact picomatch is vulnerable to a method injection vulnerability CWE-1321 affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: can reference inherited method names. These methods are implicitly...

5.3CVSS6.1AI score0.0041EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:12 p.m.15 views

Picomatch has a ReDoS vulnerability via extglob quantifiers

Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...

7.5CVSS5.5AI score0.00412EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:10 p.m.5 views

Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

Summary When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue...

8.1CVSS5.9AI score0.00453EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:9 p.m.9 views

n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover

Impact When LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email ...

8.8CVSS5.8AI score0.0032EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:8 p.m.8 views

n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition

Impact An authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth, httpHeaderAuth, httpQueryAuth belonging to other users on the same instance. The attack abuses a...

8.5CVSS6AI score0.00392EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:7 p.m.9 views

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

Impact An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to acces...

9.4CVSS6.1AI score0.00951EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:4 p.m.10 views

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Releases The fixed...

6.5CVSS5.3AI score0.00434EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:3 p.m.7 views

smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 9:2 p.m.4 views

Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Impact A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability. Patches...

7.1CVSS5.8AI score0.0036EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:23 p.m.6 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:9 p.m.12 views

MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline

Improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has been renamed or deleted. Impact Cross-site scripting XSS. Patches...

8.6CVSS6AI score0.00196EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:8 p.m.16 views

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

4.3CVSS5.9AI score0.00469EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:5 p.m.10 views

pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. Patches This has been fixed in pypdf==6.9.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3693...

8.2CVSS5.7AI score0.00455EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:4 p.m.9 views

Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Authenticated Path Traversal to RCE via Configuration Import Summary An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Details The...

8.8CVSS6.2AI score0.00434EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:1 p.m.7 views

Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Summary A path traversal vulnerability exists in the FileUtil class of the code16/sharp package. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. Detail In src/Utils/FileUtil.php, the FileUtil::explodeExtension function...

8.8CVSS5.8AI score0.00547EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:0 p.m.6 views

Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Summary The code16/sharp Laravel admin panel package contains a vulnerability in its file upload endpoint that allows authenticated users to bypass all file type restrictions. Details The upload endpoint within the ApiFormUploadController accepts a client-controlled validationrule parameter. This...

8.8CVSS6.1AI score0.00507EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:56 p.m.9 views

MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Improper escaping of Tag name when deleting it in tagdelete.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Impact Cross-site scripting XSS. Patches 80990f43153167c73f11eb4b2bc7108d0c3d6b46 Workarounds Revert commit...

8.6CVSS6AI score0.00243EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:54 p.m.6 views

AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()

Summary The getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-based access controls or audit logging. Vulnerable Code File:...

5.3CVSS5.8AI score0.00175EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:53 p.m.7 views

AVideo: Full-Read SSRF Through Unvalidated statsURL Parameter in plugin/Live/test.php

Summary The plugin/Live/test.php endpoint accepts a URL via the statsURL parameter and fetches it server-side using filegetcontents, curlexec, or wget, returning the full response content in the HTML output. The only validation is a trivial regex /^http/ that does not block requests to...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:53 p.m.5 views

AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

Summary The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...

5.3CVSS5.9AI score0.00278EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:52 p.m.5 views

AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data

Summary The plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel names, user IDs, ad campaign names, and impression/click counts. The HTML...

5.3CVSS5.8AI score0.00315EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:52 p.m.6 views

AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field

Summary A sanitization order-of-operations flaw in the user profile "about" field allows any registered user to inject arbitrary JavaScript that executes when other users visit their channel page. The xssesc function entity-encodes input before stripspecifictags can match dangerous HTML tags, and...

5.4CVSS6AI score0.00176EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:51 p.m.7 views

AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name

Summary The objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or an attacker via CSRF to traverse outside the plugin directory and execute the...

7.2CVSS6.3AI score0.00493EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:41 p.m.7 views

PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

Impact Multiple stored Cross-Site Scripting stored XSS vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Patches Patched on 8.2.5 and 9.1....

7.6CVSS5.8AI score0.0027EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:40 p.m.5 views

PrestaShop: Improper Use of Validation Framework

Impact Fix improper use of validation framework Patches Patched in 8.2.5 and 9.1.0 Workarounds None References none...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:38 p.m.5 views

SiYuan has directory traversal within its publishing service

Details The /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. PoC python !/usr/bin/env python3 """POC: SiYuan /api/file/readDir 未鉴权目录遍历""" import requests, json, sys def poctarget: base = target.rstrip"/" url = f"base/api/file/readDir"...

9.8CVSS5.9AI score0.0066EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:36 p.m.4 views

SiYuan has Arbitrary Document Reading within the Publishing Service

Details Document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. PoC python !/usr/bin/env python3 """SiYuan /api/block/getChildBlocks 文档内容读取""" import requests import json import sys def...

9.8CVSS5.8AI score0.00523EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:32 p.m.5 views

fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections

Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:30 p.m.8 views

WeChat Pay callback signature verification bypassed when Host header is localhost

Summary The verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this by sending a crafted HTTP request to the WeChat Pay callback endpoint with a Host: localhost header,...

8.6CVSS5.9AI score0.00503EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.6 views

Seafile Server has multiple stored XSS vulnerabilities

Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc sdoc editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows...

8.7CVSS5.9AI score0.00278EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.5 views

Plexus-Utils has a Directory Traversal vulnerability in its extractFile method

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

8.8CVSS6.2AI score0.00663EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.8 views

Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring matching flaw

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

6.1CVSS6AI score0.0018EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.8 views

Mattermost doesn't properly validate CSRF tokens

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

4.6CVSS5.9AI score0.00123EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.5 views

Mattermost doesn't rate limit login requests, allowing DoS

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS5.9AI score0.00305EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.15 views

Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID:...

7.5CVSS5.9AI score0.00351EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.4 views

textract is vulnerable to OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

9.8CVSS5.9AI score0.02421EPSS
Exploits4References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.9 views

thumbler allows OS Command Injection

thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail function because user input is concatenated into a shell command string passed to childprocess.exec without proper sanitization or escaping...

9.8CVSS5.9AI score0.02308EPSS
Exploits4References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 6:31 p.m.7 views

node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...

9.8CVSS5.9AI score0.01706EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:50 p.m.22 views

AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()

Summary The remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL LIKE clause. Although intermediate functions new Liveschedule,...

8.8CVSS6AI score0.00347EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:49 p.m.11 views

AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

Summary A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented as only allowing video publicity changes Active, Inactive, Unlisted. The roo...

7.6CVSS6AI score0.0024EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:48 p.m.7 views

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

Summary The plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application explicitly sets session.cookiesamesite=None on session cookies. This allows an...

8.8CVSS6AI score0.00172EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:47 p.m.21 views

AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path

Summary The restreamer endpoint constructs a log file path by embedding user-controlled usersid and liveTransmitionHistoryid values from the JSON request body without any sanitization. This log file path is then concatenated directly into shell commands passed to exec, allowing an authenticated...

8.8CVSS6.5AI score0.00612EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:45 p.m.9 views

AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

Summary The ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file valid JPEG magic bytes followed by PHP cod...

8.8CVSS6.1AI score0.00639EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:44 p.m.12 views

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

Summary The replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a backreference to the matched substring. The filter only charges memoryLimit for the input string length, not the amplified output. An attacker can achieve exponential memory amplificati...

7.5CVSS5.9AI score0.00471EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:40 p.m.36 views

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined with a string flattening operation e.g., replace filter, this causes a V8 Fatal error that crashes the...

7.5CVSS6.1AI score0.00398EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:33 p.m.7 views

@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling

Impact JSON.parseenv.adapterConfig is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:32 p.m.10 views

@grackle-ai/server has a Missing Secure Flag on Session Cookie

Impact The session cookie is set with HttpOnly; SameSite=Lax; Path=/ but does not include the Secure flag. This means the cookie will be sent over plain HTTP connections. Since the server binds to 127.0.0.1 by default and uses HTTP not HTTPS, this is acceptable for localhost use. However, when...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 5:32 p.m.8 views

@grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers

Impact The HTTP server does not set Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options headers on any response. This reduces defense-in-depth against XSS, clickjacking, and MIME-sniffing attacks. While the current XSS attack surface is small React-markdown is configured safely, n...

5.8AI score
Exploits0References2Affected Software1
Total number of security vulnerabilities33187