33100 matches found
pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)
Summary pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or delete arbitrary files on the filesystem during pn...
pnpm binds unscoped user-level npm auth credentials to a repository-selected registry
Summary pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does not provide a token-bearing auth line. It only...
pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement
Summary pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can cause pnpm install - ignore-scripts to replace...
pnpm: Git Fetch Argument Injection via Lockfile resolution.commit
Summary pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as...
pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field
Summary pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install...
pnpm: Unsafe default behavior breaks integrity check
While it is unclear whether this should be classified as a vulnerability, it is being reported through this channel because the current behavior may represent an unsafe default. Summary pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarba...
ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass
Summary ExAws.SNS.verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that its host is an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to any endpoint that calls...
js-toml has silent type confusion via falsy-primitive duplicate-key bypass
Summary js-toml's interpreter checks whether a key already exists in a parser-built container with if objectkey instead of if key in object. When the prior value is a falsy primitive — false, 0, 0n, 0.0, -0, or "" — the duplicate-key branch is skipped and the value is silently overwritten by a...
regclient may leak authentication credentials to external blob stores
Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs. Example attack A malicious registry serves an OCI image...
Authelia has an Edge Case Access Control Rule Mismatch
Impact CVSSv4 Baseline Score: Low 2.4 CVSSv4 Weighted Score: Low 1.3 The full CVSSv4 Vector for this vulnerability is: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:H/IR:L/AR:L/MAV:N/MAC:H/MAT:P/MPR:L/MVC:L/MVI:N/MVA:N/MSC:L/MSI:N/MSA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Amber...
Nezha vulnerable to cross-tenant terminal/file-manager session hijack via WebSocket stream UUID without ownership check
Summary In nezha v1.14.13–v1.14.14 and v2.0.0–v2.0.9, the WebSocket endpoints GET /ws/terminal/:id and GET /ws/file/:id authenticate the caller only by the presence of a valid stream UUID, with no ownership check tying that UUID to the user who created the stream. Any authenticated dashboard user...
Blnk has an API key authorization bypass in owner and scope enforcement
Blnk API key endpoints had an authorization issue that allowed non-master API keys to perform key-management actions outside their intended authorization boundary. In affected versions, API key operations trusted caller-controlled request values for owner and scope decisions. As a result, a...
YARD static cache reads raw traversal paths before router sanitization
Summary YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joined against that root and can return a readable sibling .html file outside the intended static...
@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
Summary @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, but the default scrubSensitiveHeaders callback in RedirectHandlerOptions uses case-sensitive property deletion delete headers.Authorization, delete...
js-toml vulnerable to CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals
Summary js-toml versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration performs a BigInt BigInt operation on an accumulator that grows linearl...
SolidInvoice: IDOR in LiveComponent allows same-company cross-user access to API tokens and notification transport settings
Summary Four authorization bypass vulnerabilities in Symfony LiveComponent actions allow any authenticated user within a company to access, modify, or delete other users' API tokens and notification transport settings. The root cause is that LiveComponent actions accept entity IDs without verifyi...
Statamic CMS's unsafe method invocation via collection sorting allows data destruction
Impact The fix for GHSA-4jjr-vmv7-wh4w was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could result in the loss of content and assets. This requires a front-end template that passes...
Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources
Impact An authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources. Depending on the resource, this could expose titles, custom field values, entry content,...
PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option
Summary pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of Pdf is the reachable sink: any value that passes isOptionUrl filtervar..., FILTERVALIDATEURL is...
PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles
Summary AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying that the path is contained within the temporary folder. Any code holding a reference to a generato...
PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)
Summary pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist: php if 0 === \strpos$filename, 'phar://' throw new \InvalidArgumentException'The output file cannot be a phar archive.'; PHP stream wrappers are case-insensitive, so...
Hackney vulnerable to atom-table exhaustion via unrecognized URL schemes
Summary CVE-2026-47067 is an atom table exhaustion vulnerability CWE-770 in hackney's URL parser src/hackneyurl.erl. hackneyurl:parseurl/1 converts every URL scheme it encounters into a BEAM atom via binarytoatom/2. Because BEAM atoms are never garbage-collected and the atom table has a hard limi...
Hackney has unbounded buffer accumulation in WebSocket
Summary The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption across three distinct code paths. In each case, an attacker-controlled WebSocket server can exhaust the connecting process's memory without any authentication or special client configuration. Details 1...
Hackney has CRLF / header injection in WebSocket upgrade request
Summary CRLF injection in hackney's WebSocket upgrade request builder src/hackneyws.erl. init/1 copies the host, path, headers, and protocols options from the caller-supplied opts map verbatim into wsdata, and dohandshake/1 splices them directly into the raw HTTP/1.1 upgrade request by binary...
Hackney has CR/LF injection in query parameter
Summary hackneyurl:makeurl/3 passes the URL query component directly into the HTTP/1.1 request target without percent-encoding \r or \n. RFC 3986 §3.4 requires characters outside the query grammar to be percent-encoded, but no validation or escaping occurs. An attacker who controls any portion of...
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM
Summary hackneyh3:awaitresponseloop/6 in src/hackneyh3.erl accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer, not a wall-clock deadline: every received streamdata chunk, housekeeping select message, or settings frame...
Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body
Summary The HTTP/3 redirect handler in src/hackneyh3.erl forwards the original request headers Authorization, Cookie, Proxy-Authorization and, for 307/308 responses, the original request body to the redirect target without checking whether the target host matches the origin. When followredirect i...
Hackney has SSRF allowlist bypass in hackney_url:normalize/2 via percent-encoded host
Summary hackneyurl:normalize/2 URL-decodes the host component of a parsed URL, but the caller's SSRF allowlist runs before normalization using OTP's uristring:parse/1 and inet:parseaddress/1, neither of which decodes percent-escapes in hostnames. A URL like http://%31%32%37%2E%30%2E%30%2E%31/...
Hackney has CRLF / header injection via unvalidated `domain` and `path` options
Summary CRLF injection in hackneycookie:setcookie/3 src/hackneycookie.erl. The function validates Name and Value against CR/LF and control characters but concatenates the domain and path options verbatim into the output binary. If either option carries attacker-controlled data, a Host header...
Hackney: `ssl:connect/2` post-handshake upgrade has no timeout
Summary The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the tunnel to TLS using ssl:connect/2 the two-argument form, which defaults to infinity. The Timeout value is in scope at that call site but is...
Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry
Summary CVE-2026-47066 is an infinite loop CWE-835 in hackney's Alt-Svc response header parser src/hackneyaltsvc.erl. When an HTTP server returns an Alt-Svc header whose value begins with a non-token byte e.g. !, @, =, ;, the parser enters a tight tail-recursive loop that pins an Erlang scheduler...
Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication
Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication Summary line-desktop-mcp supports a --http-mode Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to 0.0.0.0 and exposes the MCP /mcp endpoint without an MCP-layer...
Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy
Summary The administrative proxy route cmsproxy in Aimeos Pagible CMS is vulnerable to a Server-Side Request Forgery SSRF attack via DNS Rebinding. A Time-of-Check to Time-of-Use TOCTOU race condition exists between the URL validation phase and the actual HTTP request phase, allowing attackers to...
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile
Summary A malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. Details The lockfile does not store the hash of the dependencies from https://codeload.github.com This means that if this server was compromised or a person's...
Cargo crates in third party registries can override the cached source of other crates
The Rust Security Response Team was notified that Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. This vulnerability is tracked as CVE-2026-5223. The...
Cargo can be coerced to share credentials between registries
The Rust Security Response Team was notified that Cargo incorrectly normalized the URLs of third-party registries using the sparse index protocol1. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a...
php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)
Summary pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX escapeshellarg'/usr/local/bin/weasyprint' returns '/usr/local/bin/weasyprint' with the single-quote...
Nebula Mesh: Web UI lacks ownership checks, enabling cross-operator access to hosts and networks (read, block, delete)
Summary The web UI /ui/ does not apply the per-operator CA scoping the JSON API received for GHSA-598g-h2vc-h5vg. Any authenticated non-admin operator for example, one created via self-registration or OIDC can access resources belonging to other operators. Impact A non-admin operator can: - Block...
phpMyFAQ has an incomplete fix for GHSA-xvp4-phqj-cjr3 — editUser() and updateUserRights() lack authorization guards
Advisory / Disclosure phpMyFAQ 4.1.3 — incomplete fix for the admin-API IDOR/privilege-escalation class Target: thorsten/phpMyFAQ composer: thorsten/phpmyfaq, phpmyfaq/phpmyfaq Affected: "Only SuperAdmins may change other users' attributes. Self-service is always allowed." and "a non-SuperAdmin...
@cardano402/mcp-server missing spending limits, LAN-exposed HTTP transport, and SSRF via catalog.server.url
Summary @cardano402/mcp-server versions = 0.1.1 ship three security gaps that can lead to unauthorized fund movement when the package is used as designed an MCP server exposing Cardano payment tools to an Impact 1. No spending limits on signed payments An LLM or prompt-injected LLM calling tools...
mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind
Resolution Fixed in v3.1.0, released 2026-05-25. The fix was merged in PR 95 at commit 1c7d3f9. The fix changes the default HTTP bind host to 127.0.0.1, refuses non-loopback HTTP/HTTPS exposure unless OAuth is enabled, makes Helm exposure opt-in and OAuth-gated, and adds parser-backed...
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass
Summary Relyra 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. Details In 1.0.0 and 1.1.0, the XMLDSig trust boundary was incomplete. :publickey.verify over the exclusive-C14N...
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call
Summary The HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call storememory and deletememory through MCP even though the corresponding REST endpoints...
deepstream is vulnerable to prototype pollution
Impact Prototype pollution in deepstream server v =10.0.4. Potential privilege escalation from any authenticated user with write permission to any record. Patches Yes, upgrade to v10.0.5 Workarounds Filter out all messages containing the path proto, constructor, prototype, before they reach the...
Dosage Vulnerable to Stored Cross-Site Scripting (XSS) in HTML/RSS Output Handlers
Summary The HTML and RSS output handlers in dosagelib/events.py write user-controlled content comic text and page URLs directly into generated files without proper HTML escaping. When a user scrapes a malicious webcomic and opens the generated HTML/RSS file, attacker-controlled JavaScript can...
Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)
Summary The ExpressionDepthLimit parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression parentheses, array initializers, object initializers, or unary operators driv...
Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx
Summary The array multiplication operator array integer in Scriban allocates a result whose size is the product of the attacker-controlled integer and the array length, with no LoopLimit / LimitToString check and no overflow-safe arithmetic. A 40-byte template forces a multi-gigabyte allocation,...
nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction
internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...
WebauthnAuthenticator leaks sensitive HTTP headers through INFO-level logs
Impact Webauthn\Bundle\Security\Http\Authenticator\WebauthnAuthenticator logs the full Symfony\Component\HttpFoundation\Request object inside the log context of both onAuthenticationSuccess and onAuthenticationFailure at INFO level: php $this-logger-info'User has been authenticated successfully...
CakePHP: View::element() is missing a path containment check
Impact View::getElementFileName does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patches Patched...