32851 matches found
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the createuploadfile function. An attacker can upload arbitrary files by sending crafted requests to the affected API endpoint. Remediation Upgrade langflow-base to version 0.8.0 or higher. References - GitHub...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure in the removeapikeys and hasapiterms functions of the Flow Using API component. An attacker can access sensitive credential information by exploiting unprotected storage mechanisms remotely. Remediation Upgrade...
Server-side Request Forgery (SSRF)
Overview ragas is an Evaluation framework for RAG and LLM applications Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of URLs in the retrievedcontexts parameter when processing multimodal inputs. An attacker can access arbitrary files,...
Cross-site Scripting (XSS)
Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS via templates injected to a site in RETURNDOM mode. The SAFEFORTEMPLATES sanitization can be bypassed, which then allows scripts to be executed if...
Cross-site Scripting (XSS)
Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS leading to cross-site scripting, via custom elements. When CUSTOMELEMENTHANDLING is not enabled, and an attacker has already polluted the prototype...
Cross-site Scripting (XSS)
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS leading to cross-site scripting, via custom elements. When CUSTOMELEMENTHANDLING is not enabled, and an attacker has already pollut...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the actionclass function in the ActionsController. A user can gain unauthorized access to sensitive actions and escalate privileges by invoking unregistered action classes on arbitrary...
Cross-site Scripting (XSS)
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS via templates injected to a site in RETURNDOM mode. The SAFEFORTEMPLATES sanitization can be bypassed, which then allows scripts to...
Improper Validation of Specified Index, Position, or Offset in Input
Overview uuid is a RFC4122 v1, v4, and v5 compliant UUID library. Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes small buf or large offset. This...
Improper Validation of Specified Index, Position, or Offset in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes small buf or large offset. This inconsistency allows silent partial writes into...
Cross-site Request Forgery (CSRF)
Overview apache-airflow-providers-keycloak is a Provider package apache-airflow-providers-keycloak for Apache Airflow Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the login authentication process due to missing generation and validation of the OAuth 2.0...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper XCom value handling. An attacker that is a Dag Author who normally should not be able to execute code in the webserver context can execute arbitrary code by crafting malicious XCom...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper validation in the CubeSize function in cmslut.c. An attacker can cause an integer overflow by providing crafted input that triggers the multiplication before the overflow check, potentially...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the tga.c process of decoding TGA images using RLE compression, specifically when handling the raw-packet path, due to missing bounds checks. An attacker can achieve arbitrary code execution or cause a denial of...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the XWD decoder when there is a type confusion between bitsperpixel and pixmapdepth during the byte-swap process. An attacker can achieve arbitrary code execution or cause a denial of service by providing a crafte...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the PSD decoding process due to a mismatch between the computed bytes-per-pixel from the image header and the allocated pixel buffer size in LAB 16-bit mode. An attacker can achieve arbitrary code execution or cau...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via the ptpunpackEOSFocusInfoEx function. An attacker can cause a crash and potentially access sensitive memory contents by supplying specially crafted input from a malicious USB device. Remediation A fix was pushed int...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackOI function when processing a malicious PTP ObjectInfo response. An attacker can cause the application to read memory beyond the intended buffer by supplying specially crafted data, potentially leading...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackSonyDPD function when parsing the FormFlag field due to missing bounds checking before reading data. An attacker can cause information disclosure or application instability by supplying crafted input...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackSonyDPD function when parsing the enumeration count from a buffer without verifying sufficient data remains. An attacker can cause information disclosure or application instability by providing a craft...
Server-side Request Forgery (SSRF)
Overview @nocobase/utils is a Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the workflow HTTP request and custom request plugins, which make server-side HTTP requests to user-supplied URLs without proper validation. An attacker can access internal networ...
Server-side Request Forgery (SSRF)
Overview @nocobase/plugin-action-custom-request is a Sending a request to any HTTP service supports sending context data to the target service. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the workflow HTTP request and custom request plugins, which make...
Server-side Request Forgery (SSRF)
Overview @nocobase/plugin-workflow-request is a Send HTTP requests to any HTTP service for data interaction in workflow. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the workflow HTTP request and custom request plugins, which make server-side HTTP...
Server-side Request Forgery (SSRF)
Overview @nocobase/plugin-ai is a Create AI employees with diverse skills to collaborate with humans, build systems, and handle business operations. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the workflow HTTP request and custom request plugins, which...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the internal stream buffers SmtpStream, ImapStream, and Pop3Stream not being flushed during the STARTTLS upgrade process. An attacker c...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the internal stream buffers SmtpStream, ImapStream, and Pop3Stream not being flushed during the STARTTLS upgrade process. An attacker c...
Cross-site Scripting (XSS)
Overview pretalx is a Conference organisation: CfPs, scheduling, much more Affected versions of this package are vulnerable to Cross-site Scripting XSS in the organizer search. An attacker can execute arbitrary JavaScript code in the context of an organizer's browser by injecting malicious payloa...
Improper Encoding or Escaping of Output
Overview pretalx is a Conference organisation: CfPs, scheduling, much more Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via unescaped user-controlled placeholders in mail templates. An attacker can inject arbitrary HTML content into outgoing emails b...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of user-supplied paths in the prefixed function. An attacker can read or write arbitrary files, create directories, and enumerate files outside the intended root directory by sending...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of user-supplied paths in the prefixed function. An attacker can read or write arbitrary files, create directories, and enumerate files outside the intended root directory by sending...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of user-supplied paths in the prefixed function. An attacker can read or write arbitrary files, create directories, and enumerate files outside the intended root directory by sending...
SQL Injection
Overview dagster is a Dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute...
SQL Injection
Overview dagster-gcp is a Package for GCP-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
SQL Injection
Overview dagster-deltalake is a Package for Deltalake-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL...
SQL Injection
Overview dagster-snowflake-polars is a Package for integrating Snowflake and Polars with Dagster. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
SQL Injection
Overview dagster-snowflake is a Package for Snowflake Dagster framework components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by creating speciall...
SQL Injection
Overview dagster-duckdb is a Package for DuckDB-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands b...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized volumeHandle and mounttargetip fields. An attacker can inject unauthorized mount options by supplying specially crafted values to these fields when creating a PersistentVolume, resulting in...
Allocation of Resources Without Limits or Throttling
Overview OpenTelemetry.Exporter.Jaeger is a Jaeger exporter for OpenTelemetry .NET Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the span and tag conversion. An attacker can drive sustained memory pressure and denial of service by...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the formatDataBeforeSave process. An attacker can execute arbitrary SQL commands by supplying crafted input to the idfiche parameter, which is concatenated directly into a SQL query without sanitization. Remediation...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the providerFlowSignIn process. An attacker can gain unauthorized access to another user's account by exploiting improper handling of email verification status from OAuth providers. This allows the attacker to...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the providerFlowSignIn process. An attacker can gain unauthorized access to another user's account by exploiting improper handling of email verification status from OAuth providers. This allows the attacker to...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the providerFlowSignIn process. An attacker can gain unauthorized access to another user's account by exploiting improper handling of email verification status from OAuth providers. This allows the attacker to...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the providerFlowSignIn process. An attacker can gain unauthorized access to another user's account by exploiting improper handling of email verification status from OAuth providers. This allows the attacker to...
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter configuration by injecting newline characters into PHP INI values that are forwarded to child processes. This is only exploitable if t...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the SubFileSystem method. An attacker can access directories outside the intended confinement by supplying specially crafted paths containing unresolved .. segments. This is only exploitable if the input path is...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the webhook process. An attacker can exhaust system memory by sending oversized POST payloads before signature validation. This is only exploitable if Stripe webhooks are enabled a...
Improper Null Termination
Overview Affected versions of this package are vulnerable to Improper Null Termination due to improper null termination in the ptpunpackCanonFE function. An attacker can cause out-of-bounds reads by supplying crafted data that fills the filename buffer exactly, leading to unintended memory access...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackEOSImageFormat and ptpunpackEOSCustomFuncEx functions due to missing length validation for input buffers. An attacker can cause the application to read out-of-bounds memory by supplying crafted data to...
Incomplete List of Disallowed Inputs
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute...