35669 matches found
Allocation of Resources Without Limits or Throttling
Overview @libp2p/gossipsub is an A typescript implementation of gossipsub Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the defaultDecodeRpcLimits in which maxIhaveMessageIDs and maxIwantMessageIDs are set to Infinity, allowing...
Directory Traversal
Overview @appium/storage-plugin is a Server-side storage plugin for Appium Affected versions of this package are vulnerable to Directory Traversal via the POST /storage/delete handler, which passes user-supplied input directly into path.join and fs.rimraf without proper path sanitization. An...
Cross-site Scripting (XSS)
Overview @appium/base-driver is a Base driver class for Appium drivers Affected versions of this package are vulnerable to Cross-site Scripting XSS via compileLodashTemplate. An attacker can execute arbitrary JavaScript in the context of the server origin by injecting malicious input into the...
Incomplete List of Disallowed Inputs
Overview RestrictedPython is a RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the checkfunctionargumentnames process. An...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the aroundrender. An attacker can execute arbitrary scripts in the context of the application by injecting malicious input that is not properly escaped. This can occur when user-controlled data is included i...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the renderin. An attacker can access sensitive information or perform unauthorized actions by exploiting stale render context, which may include helpers, controller, request, viewflow, format/variant details, an...
Cross-site Request Forgery (CSRF)
Overview serena-agent is an A powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the unauthenticated Flask dashboard API, which is exposed on a fixed...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the submitTaakV2 process. An attacker can access and modify another user's task data, including marking tasks as completed and overwriting submitted information, by submitting request...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization in the GraphQL API's getDocumentContent and besluiten operations. An attacker can access sensitive personal data belonging to other users by querying these endpoints without proper authorization checks. This is...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization in the GraphQL API's getDocumentContent and besluiten operations. An attacker can access sensitive personal data belonging to other users by querying these endpoints without proper authorization checks. This is...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
Embedded Malicious Code
Overview @injectivelabs/sdk-ts is a SDK in TypeScript for building Injective applications in a browser, node, and react native environment. Affected versions of this package are vulnerable to Embedded Malicious Code. The compromised version of this package contains a malicious trackKeyDerivation...
Open Redirect
Overview waku is a ⛩️ The minimal React framework Affected versions of this package are vulnerable to Open Redirect via the unstableredirect function. An attacker can cause a user to be redirected to an arbitrary external domain by supplying crafted input that is reflected into the HTTP Location...
Cross-site Request Forgery (CSRF)
Overview waku is a ⛩️ The minimal React framework Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the request process. An attacker can execute unauthorized server actions by sending cross-origin POST requests with CORS-safelisted content types, causing...
Permissive Cross-domain Policy with Untrusted Domains
Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains through the unauthenticated local API exposed in proxy mode, which accepts cross-origin requests due to a permissive CORS policy and lack of authentication. An attacker can achieve...
Permissive Cross-domain Policy with Untrusted Domains
Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains through the unauthenticated local API exposed in proxy mode, which accepts cross-origin requests due to a permissive CORS policy and lack of authentication. An attacker can achieve...
Directory Traversal
Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Directory Traversal through the handleCurationTask process in dspace-api/src/main/java/org/dspace/core/LDN.java. An attacker with DSpace administrator credentials can...
Improper Restriction of Names for Files and Other Resources
Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Improper Restriction of Names for Files and Other Resources via the OREIngestionCrosswalk.ingest process in...
Directory Traversal
Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Directory Traversal through the initCurator reporter output handling in dspace-api/src/main/java/org/dspace/curate/Curation.java. An attacker can overwrite or create...
Arbitrary Code Injection
Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Arbitrary Code Injection through the Velocity template processing in org.dspace.core.LDN and org.dspace.core.Email. An attacker with DSpace administrator credentials ca...
Uncontrolled Recursion
Overview trapster is a Trapster Daemon Affected versions of this package are vulnerable to Uncontrolled Recursion through the decodelabels function. An attacker can cause the application to crash and disrupt service by sending specially crafted UDP packets containing malformed DNS compression...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via improper handling of user-supplied input in the generateCronTriggerCronJobSpec process. An attacker can execute arbitrary shell commands with root privileges in the CronJob pod by injecting malicious content into...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the ExtractHttpBodyOptionally helper in filters/openpolicyagent/openpolicyagent.go. An attacker can bypass opaAuthorizeRequestWithBody policy checks by sending a chunked HTTP/1.1 request or an HTTP/2 request...
Incomplete List of Disallowed Inputs
Overview lxml-html-clean is a HTML cleaner from lxml project Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the Cleaner process when handling namespaced URL attributes such as xlink:href with the safeattrsonly=False configuration. An attacker can execu...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of protocol length headers in draft versions of the WebSocket protocol. An attacker can cause excessive memory consumption by sending a continuous sequence of byt...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the permessage-deflate extension. An attacker can cause the application to process messages that exceed the intended resource limits by sending compressed messages that, when...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HTTP header parser process. An attacker can cause excessive memory consumption by sending an HTTP request or response with an unbounded number of headers, leading to memory...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the server process when handling a malformed Host header. An attacker can cause the server to crash by sending a specially crafted Host header that is not a valid host:port string, resulting in an uncaught exceptio...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via the aggregate function callbacks in Databasecreateaggregate, createaggregatehandler, and Databasedefineaggregator. An attacker can trigger an invalid memory read and segmentation fault by keeping a prepared statement...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in Databasedefinefunction and Databasecreatefunction through the custom function registry in lib/sqlite3/database.rb. An attacker can trigger a segmentation fault by redefining the same SQLite function name with a differe...
Directory Traversal
Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the trust process. An attacker can execute arbitrary commands by supplying a template reference that textually matches a trusted prefix but includes .. path...
Prototype Pollution
Overview engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server Affected versions of this package are vulnerable to Prototype Pollution through the WebTransport upgrade handling in packages/engine.io/lib/server.ts. An...
Inefficient Algorithmic Complexity
Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous mapping. An...
Inefficient Algorithmic Complexity
Overview org.webjars.npm:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous...
Inefficient Algorithmic Complexity
Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous mapping. An attacker...
Prototype Pollution
Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplying a specially crafted map entry with the key proto...
Uncaught Exception
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Uncaught Exception through improper handling of NUL bytes in the src/pax.ts file. An attacker can cause the application to terminate unexpectedly by providing a crafted archive containing NUL byte...
Prototype Pollution
Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplyi...
Uncaught Exception
Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Uncaught Exception through improper handling of NUL bytes in the src/pax.ts file. An attacker can cause the application to terminate unexpectedly by providing a crafted archive...
Allocation of Resources Without Limits or Throttling
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such ...
Directory Traversal
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Directory Traversal via the githubworkflows process. An attacker can write files outside the intended output directory by supplying a crafted CODEREPOSITORY URL containing directory traversal...
Symlink Attack
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Symlink Attack in the unarchive process when extracting zip or 7z archives containing symlink entries with a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. An...
Inefficient Algorithmic Complexity
Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the omapTag.addItem function of src/tag/sequence/omap.ts, which performs a linear scan for duplicate keys on every insertion into an ordered...
Prototype Pollution
Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Prototype Pollution leading to cross-site scripting in the Series Chart operation and the objToTable function in...
Server-side Request Forgery (SSRF)
Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the processRemoteRepo path in POST /api/pack and its repository URL handling before git clone. An attacker can...