32245 matches found
Cross-site Scripting (XSS)
Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS in the HTML export process when handling custom number format codes containing the @ text placeholder. ...
Missing Critical Step in Authentication
Overview github.com/coredns/coredns/core/dnsserver is a package that implements all the interfaces from Caddy, so that CoreDNS can be a servertype plugin. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the TSIG authentication process for gRPC, QUIC,...
Cross-site Scripting (XSS)
Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS in the HTML generation process when a cell uses a custom number format containing the @ text placeholde...
Missing Authentication for Critical Function
Overview github.com/coredns/coredns/core/dnsserver is a package that implements all the interfaces from Caddy, so that CoreDNS can be a servertype plugin. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the tsig plugin on non-plain-DNS...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to improper access control in the transfer process. An attacker can retrieve unauthorized zone contents by exploiting the incorrect selection of access control list stanzas when both parent and subzone rules ar...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the requestToMsgGet process. An attacker can exhaust CPU and memory resources by sending oversized DNS-over-HTTPS GET requests with large dns query parameters, causing the...
Allocation of Resources Without Limits or Throttling
Overview github.com/coredns/coredns/core/dnsserver is a package that implements all the interfaces from Caddy, so that CoreDNS can be a servertype plugin. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the DoQ server's handling of...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass through improper validation of the nick parameter in the user update process. An attacker can modify immutable account identifiers by intercepting and altering POST requests, potentially sabotaging audit trails,...
Use of Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...
Use of Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...
Use of Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...
Malicious Package
Overview graphbase-js is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @solana-launchpad/sdk is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @validate-ethereum-address/core is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...
Malicious Package
Overview @validate-sdk/v2 is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @meme-sdk/trade is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview terminal-prettier is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Embedded Malicious Code
Overview @cap-js/db-service is a CDS base database service Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are activel...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution in crypto/algifaead.c. The authencesn cryptographic template has a 4-byte overwrite past the end of its buffer, which can be controlled to write into the page cache of any readable file. This allows a...
Embedded Malicious Code
Overview @cap-js/sqlite is a CDS database service for SQLite Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are...
Embedded Malicious Code
Overview mbt is a that triggers an 11.6 MB heavily obfuscated script execution.js during package installation. Once executed on a developer's machine, the malware steals the developer's credentials and weaponizes them to automatically create public GitHub repositories under the victim's account...
Embedded Malicious Code
Overview @cap-js/postgres is a CDS database service for Postgres Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are...
Deserialization of Untrusted Data
Overview nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the FOBS process. An attacker can achieve arbitrary code execution by sending a specially crafted FOBS-encoded message containing...
Authorization Bypass Through User-Controlled Key
Overview nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the user management and authentication process. An attacker can gain unauthorized access, escalate privileges, tamper...
Improper Input Validation
Overview nvflare is a Federated Learning Application Runtime Environment Affected versions of this package are vulnerable to Improper Input Validation via the path traversal process. An attacker can access sensitive information by submitting crafted input that is not properly validated. Remediati...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the VerifyHostToken function due to improper validation of JWT signatures. An attacker can impersonate any host in the network and gain access to sensitive information by forging a JWT signed with an arbitrary...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper bounds checking in the JSON parsing process. An attacker can cause the application to read memory outside the intended buffer by providing specially crafted JSON input. Remediation Upgrade thrift to...
Mismatched Memory Management Routines
Overview Affected versions of this package are vulnerable to Mismatched Memory Management Routines via the cglib process. An attacker can cause the server to crash by sending specially crafted input that triggers an invalid pointer error. Remediation Upgrade thrift to version 0.23.0 or higher...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the skip function. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers deep recursion. Remediation Upgrade...
Improper Validation of Certificate with Host Mismatch
Overview org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to insufficient verificatio...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the Swift Compact Protocol implementation. An attacker can cause unexpected behavior or potentially execute arbitrary code by sending specially crafted data th...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the skip function. An attacker can cause a crash or read unintended memory by providing specially crafted input that triggers an out-of-bounds access. Remediation Upgrade thrift to version 0.23.0 or higher...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the dispatch process. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers excessive recursive calls...
Integer Overflow or Wraparound
Overview github.com/apache/thrift/lib/go/thrift is a Go implementation of the Apache Thrift library. Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the TFramedTransport function on 32-bit architectures. An attacker...
Server-side Request Forgery (SSRF)
Overview @dadigua/hyperchat is a HyperChat Core - Node.js backend and CLI tool with AI chat, MCP support Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the AI Proxy Middleware component when processing the baseurl argument. An attack...
Unsafe Dependency Resolution
Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the ipmitool process when a non-default configuration enables a console interface. An attacker can execute unauthorized commands by leveraging access to the...
Directory Traversal
Overview notes-mcp is a MCP for managing markdown notes with YAML frontmatter Affected versions of this package are vulnerable to Directory Traversal via the rootdir or path arguments in the notesmcp.py process. An attacker can access or modify files outside the intended directory by supplying...
SQL Injection
Overview sqlite-mcp is an A lightweight Model Context Protocol server for allowing LLMs to autonomously interact with SQLite database. Affected versions of this package are vulnerable to SQL Injection via the extracttojson function. An attacker can execute arbitrary SQL commands by manipulating t...
Directory Traversal
Overview mkdocs-mcp-plugin is a MCP server for MkDocs documentation with intelligent search and retrieval capabilities Affected versions of this package are vulnerable to Directory Traversal via the readdocument and listdocuments functions in server.py when processing the docsdir or filepath...
Generation of Error Message Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the raw message of every server-side AuthenticationException being returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker...
Improper Isolation or Compartmentalization
Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization due to improper isolation of the SecurityContext. When an authenticated user experiences an authorization failure, their security context is not properly cleared from the underlying gRPC worker...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the parsenegomessage function when the NegoEx mechanism is registered in the system's GSSAPI configuration. An attacker can cause the process to terminate by sending specially crafted requests remotely...
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the parsemessage function when the NegoEx mechanism is registered in /etc/gss/mech. An attacker can cause process termination by sending specially crafted requests with a short headerlen that...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the shutil.unpackarchive function. An attacker can write files outside the intended extraction directory by supplying a ZIP archive containing absolute Windows paths C:\.... Details A Directory Traversal...
Server-side Request Forgery (SSRF)
Overview mcp-url-downloader is a MCP server that enables AI assistants to download files from URLs to the local filesystem Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateurlsafe function. An attacker can access internal resources or services b...
Server-side Request Forgery (SSRF)
Overview auto-favicon is an A Model Context Protocol server providing tools for automatic favicon generation from PNG images or URLs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the generatefaviconfromurl function. An attacker can cause the server to ma...
Directory Traversal
Overview kaggle-mcp is an A MCP server for kaggle apis Affected versions of this package are vulnerable to Directory Traversal via the preparekaggledataset function in src/kagglemcp/server.py when processing the competitionid argument. An attacker can access arbitrary files on the server by...
SQL Injection
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to SQL Injection via the DataObject composite index handling process. An attacker can execute arbitrary SQL commands in the backend database by injecting...