Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the message.action forwarding. An attacker can obtain sensitive credentials by supplying malicious loopback URLs through model-controlled action...
User Interface (UI) Misrepresentation of Critical Information
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via the approval display truncation. An attacker can execute unauthorized operations by submitting oversized exec commands with...
Insufficient Session Expiration
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Session Expiration via the secret revocation webhook. An attacker can maintain access using previously valid webhook secrets by sending webhook events during the period after...
User Impersonation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation in the allowFrom feature that relies on mutable Slack display names. An attacker can gain unauthorized access to agent privileges by modifying their Slack display name ...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the node pairing reconnection. An attacker can gain unauthorized node authority by exploiting logic flaws that allow restoration or...
Cross-site Scripting (XSS)
Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...
Server-side Request Forgery (SSRF)
Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete validation of URI schemes in attributes such as action, formaction, data, poster, and background. An attacker can execute arbitrary scripts in the context of the user's browser by injecting a crafted...
Cross-site Scripting (XSS)
Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete validation of URI schemes in attributes su...
Cross-site Scripting (XSS)
Overview @apostrophecms/seo is SEO Tools for ApostropheCMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the injection of unsanitized values from the seoGoogleTrackingId and seoGoogleTagManager fields into the contents of a tag. A user with editor-level access...
Prototype Pollution
Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...
Improper Encoding or Escaping of Output
Overview fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object, and text SVG...
Improper Encoding or Escaping of Output
Overview org.webjars.npm:fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object...
Cross-site Scripting (XSS)
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the FilesController.createFile and FilesRouter file-extension handling in the file upload...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the handleLogIn and verifyPassword user...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormData.append. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormData.append. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...
Incorrect Authorization
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization through the handleBatch request dispatcher in the batch request handling code. An attacker can reach...
Authorization Bypass Through User-Controlled Key
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the reduceRelationKeys and authorizeRelatedToQuery paths in...
Missing Authorization
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization in the processing of form definition files by the Form Framework. An attacker can gain administrative privileges by uploading and using maliciously crafted files...
Missing Authorization
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Missing Authorization in the Recycler module. An attacker can restore soft-deleted records on pages or tables they are not authorized to modify by accessing the...
Open Redirect
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Open Redirect via the GeneralUtility::sanitizeLocalUrl function. An attacker can redirect users to external sites by crafting a URL that passes the sanitization...
Missing Authorization
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks when handling file mount folders. An attacker can perform unauthorized write operations, such as moving...
Missing Authorization
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization via the DataHandler. An attacker can execute unauthorized database queries and gain elevated privileges by directly manipulating form definition records, bypassin...
Missing Authorization
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Missing Authorization via the DataHandler file. An attacker can move records to a different page without having edit permissions on the source page by sending...
Missing Authorization
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted files that execute...
Missing Authorization
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted...
Directory Traversal
Overview typo3/cms-filelist is a TYPO3 backend module (File > Filelist) used for managing files. Affected versions of this package are vulnerable to Directory Traversal via the Media Module when backend users with file download permissions access the fallback storage of the file abstraction layer. An...
Deserialization of Untrusted Data
Overview typo3/cms-extbase is a TYPO3 CMS Extbase - Extension framework to create TYPO3 frontend plugins and TYPO3 backend modules. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP cod...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage backend, such as the cache store or sys_registry...
Deserialization of Untrusted Data
Overview typo3/cms-install is a TYPO3 extension install. The Install Tool is used for installation, upgrade, system administration and setup tasks. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute...
Deserialization of Untrusted Data
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage backend, such as the cache store or sys_registry...
Deserialization of Untrusted Data
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage...
Directory Traversal
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Directory Traversal via the GeneralUtility::isAllowedAbsPath function. An attacker can access files outside the intended project root by creating new file storag...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the Backend API routes. An attacker can access unauthorized file metadata by sending crafted requests to endpoints without proper permission checks, potentially retrieving information about files outside their...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the clipboard. An attacker can access unauthorized records and files by inserting arbitrary entries into the clipboard without proper permission checks. Remediation Upgrade typo3/cms-backend to version 13.4.31,...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via rendering page titles in frontend search results without proper output encoding. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious HTML markup into page...
Buffer Over-read
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Buffer Over-read via the websocket_mask function in the speedups component. An attacker can trigger a read past the end of the mas...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the HttpOperation::WriteMemoryCallback. An attacker can cause memory exhaustion by sending a large or unbounded HTTP response when the configured collector endpoint is attacker-controlled ...
Incorrect Authorization
Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Incorrect Authorization due to improper evaluation of permissions in the SimpleRBACAuthorizationProvider function. An attacker can gain unauthorized access to resources across different tenants by exploiting the la...
Authorization Bypass Through User-Controlled Key
Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to insufficient authorization checks when UUID is provided. An attacker can gain unauthorized access to read, write, update, or delete data belonging to other...
Authorization Bypass Through User-Controlled Key
Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the V1 collection-level endpoints passing None for tenant and database to the authorization layer. An attacker can gain unauthorized access to resources by...
Arbitrary Code Injection
Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Arbitrary Code Injection in the api/v2/tenants/default_tenant/databases/default_database/collections/{collection_id} endpoint when a malicious model repository is sent and trust_remote_code is set to true. An attacker can...
HTTP Request Smuggling
Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in HttpObjectDecoder.java, which skips whitespace as well as bytes...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in RedisArrayAggregator. An attacker who sends a small RESP array header declaring a very large element count can force the aggregator to reserve a large ArrayList via the...
Insecure Randomness
Overview Affected versions of this package are vulnerable to Insecure Randomness in the form of generating stateless reset tokens based on an HMAC of the connection ID. An attacker in a MitM position can deduce token material by observing QUIC headers after a source CID rotation, and can cause service...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in shouldWaitForDynamicTableUpdates in QpackDecoder. An attacker can open an indefinite number of persistently blocked streams by sending headers that reference dynamic table entries...
Improper Verification of Cryptographic Signature
Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...
Allocation of Resources Without Limits or Throttling
Overview io.netty:netty-codec-http2 is an HTTP/2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the handling of the SETTINGS_MAX_HEADER_LIST_SIZE...