33544 matches found
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the bsonvalidate function. An attacker can cause malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly by submitting specially crafted BSON data to...
Expired Pointer Dereference
Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile modules. An attacker can execute arbitrary code or access sensitive information by triggering a use-after-free condition through repeated...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the opjpiinitialiseencode function. An attacker can cause the application to crash or become unresponsive by providing specially crafted input that triggers an integer overflow during encoding...
Cross-site Scripting (XSS)
Overview github.com/prometheus/prometheus/web/ui is a systems and service monitoring system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via various UI components whose innerHTML is rendered unsanitized, based on user input. The metric names and label values used b...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the getCommand process. An attacker can execute arbitrary operating system commands by supplying specially crafted values to the INFILEENDING or OUTFILEENDING configuration keys, which are...
Command Injection
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection through improper option parsing in the clone method. An attacker can execute arbitrary system commands by supplying specially...
Command Injection
Overview org.webjars.npm:simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection through improper option parsing in the clone method. An attacker can execute arbitrary system commands by...
Insertion of Sensitive Information into Log File
Overview apache-airflow-task-sdk: The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File which had masksecret applied. The DAG run logs UI exposes...
Deserialization of Untrusted Data
Overview Keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the TFSMLayer class. An attacker can execute arbitrary code by providing a malicious TensorFlow SavedModel during deserialization of...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the webserver by invoking a class via legacy serialization keys type/var. Details Serialization is a process of converting an object into a...
Deserialization of Untrusted Data
Overview apache-airflow-task-sdk: The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the...
Malicious Package
Overview @lamoda/seller-ui-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview upstartloans is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview upstart-offer-container is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview upstartdr is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview upstartapplicationstatus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview upstartportal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview upstartadmindashboard- is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview upstart.previewcss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview upstart-loan-status is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview upstart-lending-status is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview paysafe-apple-pay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview paysafe-venmo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview walmart-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview upstartautoretailadmin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview paysafe-payments-sdk-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview paysafe-google-pay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview paysafe-card-payments is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the SW-URL header in the MCP server. An attacker can access internal resources and potentially exfiltrate sensitive information by sending crafted requests that are processed by the server. Remediati...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the SW-URL header in the MCP server. An attacker can access internal resources and potentially exfiltrate sensitive information by sending crafted requests that are processed by the server. Remediati...
Malicious Package
Overview @dtc-campaign-wizard/campaign-wizard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...
Malicious Package
Overview @ids-alpha/theme is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @mx-shared/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @pes-ui/components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @op-microfrontends/config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @spoonflower/ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @hrb-web/nuxt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @sap-px/pxapi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @kucoin-gbiz-next/tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview @sage-active/ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @zgny/onboarding-consumer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @sports-api/api-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @spreadjs/js-calc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @relxui/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview gp-auth-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview @aircall-ecosystem/integrations-msteams-frontend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview wm-plugin-wm-smart-tip-dont-embed-tooltip is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview @ascend-ops/web-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview @amplify-js/datastore is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @bokehjs/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...