36451 matches found
Prototype Pollution
Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplying a specially crafted map entry with the key proto...
Allocation of Resources Without Limits or Throttling
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such ...
Directory Traversal
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Directory Traversal via the githubworkflows process. An attacker can write files outside the intended output directory by supplying a crafted CODEREPOSITORY URL containing directory traversal...
Symlink Attack
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Symlink Attack in the unarchive process when extracting zip or 7z archives containing symlink entries with a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. An...
Inefficient Algorithmic Complexity
Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the omapTag.addItem function of src/tag/sequence/omap.ts, which performs a linear scan for duplicate keys on every insertion into an ordered...
Prototype Pollution
Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Prototype Pollution leading to cross-site scripting in the Series Chart operation and the objToTable function in...
Server-side Request Forgery (SSRF)
Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the processRemoteRepo path in POST /api/pack and its repository URL handling before git clone. An attacker can...
Infinite loop
Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Infinite loop in the option parsing. An attacker can cause the application to enter an infinite loop by submitting a crafted .proto schema that opens an option declaration and...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setListBounds function in src/List.js when handling an index or size in the range 2 30 to 2 31. An attacker can cause an empty list to enter an uncatchable infinite loop, trigger unbounded memory...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setListBounds function in src/List.js when handling an index or size in the range 2 30 to 2 31. An attacker can cause an empty list to enter an uncatchable infinite loop, trigger unbounded memory...
Incorrect Type Conversion or Cast
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the src/pax.ts file. An attacker can cause a process crash by providing all-digit PAX path or linkpath values that are coerced to JavaScript numbers, leading ...
Cross-site Scripting (XSS)
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Cross-site Scripting XSS via the cx class-name handling in src/helper/css/index.ts. An attacker can inject arbitrary HTML into rendered JSX by supplying a malicious class string to cx...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HashCollisionNode class in Immutable.Map and Immutable.Set. An attacker can cause excessive CPU consumption by supplying a large number of keys with identical 32-bit hashes, leading to degraded...
Use of Less Trusted Source
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Less Trusted Source through the getHeaders processing in the AWS API Gateway v1 EventV1Processor and the Lattice LatticeV2Processor. An attacker can cause a repeated header value t...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HashCollisionNode class in Immutable.Map and Immutable.Set. An attacker can cause excessive CPU consumption by supplying a large number of keys with identical 32-bit hashes, leading to degraded...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the parsing process in formatting.py when handling long sequences of , ==, or ^^ markers. An attacker can cause excessive CPU consumption by submitting specially crafted input containing long...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the CookieJar process. An attacker can access or manipulate cookies belonging to other hosts by exploiting improper domain matching for IP-address or bare-numeric domains. Remediation Upgrade guzzlehttp/guzzl...
Inefficient Algorithmic Complexity
Overview org.webjars.npm:linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the mailto: validator scan-loop on attacker-supplied text. An attacker can cause excessive CPU consumption by...
Inefficient Algorithmic Complexity
Overview linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the mailto: validator scan-loop on attacker-supplied text. An attacker can cause excessive CPU consumption by submitting specially...
Uncaught Exception
Overview @opentelemetry/propagator-jaeger is an OpenTelemetry Jaeger propagator provides HTTP header propagation for systems that are using Jaeger HTTP header format. Affected versions of this package are vulnerable to Uncaught Exception via the JaegerPropagator class when handling incoming HTTP...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the renderadmonition function. An attacker can execute arbitrary scripts in the context of the user by injecting malicious content into the :class: option of the Admonition directive, which is not properly...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl process. An attacker can inject malicious URLs into rendered href and src attributes by crafting links that use legacy or chained schemes, potentially leading to script execution in affected user...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the toc process. An attacker can interfere with same-page navigation, CSS selectors, or JavaScript handlers by creating content with predictable id attributes that collide with...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the inlineparser process. An attacker can cause excessive resource consumption by submitting input containing long sequences of double-asterisk or triple-asterisk emphasis pairs, leading to...
Improper Handling of Unicode Encoding
Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...
Use of Non-Canonical URL Paths for Authorization Decisions
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in validateAndDecodePathname and rewrite routing in findRouteToRewrite. An...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl function. An attacker can execute arbitrary scripts in the rendered HTML by supplying specially crafted percent-encoded javascript URIs in Markdown links or images. Details Cross-site scripting o...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the blockparser process. An attacker can cause excessive CPU consumption by submitting specially crafted Markdown documents containing numerous repeated or distinct reference-link definitions...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the include process. An attacker can cause the application to crash by creating two markdown files that recursively include each other, leading to unbounded recursion and a RecursionError. Remediation...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the HordeVfsSmb process. An attacker can execute arbitrary operating system commands by supplying specially crafted filenames containing command substitution payloads, which are processed in a shell context during...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the sqlite3changesetapplyv3 function when processing a malformed changeset blob. An attacker can cause the application to crash by supplying a specially crafted changeset that leads to a NULL pointer...
Infinite loop
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Infinite loop via the replace method. An attacker can cause the archive scanner to enter an infinite loop by providing a tar header with a negative base-256 encoded entry size. Remediation Upgrade...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the changegroup process. An attacker can access sensitive information by merging crafted changesets through local interaction. Remediation A fix was pushed into the master branch but not yet published. References ...
Incomplete List of Disallowed Inputs
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through workspace dotenv loading in the gateway's provider credential resolution path. An attacker can supply a workspace .env file or controlled path...
Improper Resource Shutdown or Release
Overview engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server Affected versions of this package are vulnerable to Improper Resource Shutdown or Release through the polling request handler in Polling transport processin...
Interpretation Conflict
Overview Affected versions of this package are vulnerable to Interpretation Conflict via the assertValidHost function. An attacker can cause security or routing decisions to be made based on a mismatched host by crafting a URI with authority delimiters, embedded ports, or malformed IPv6 brackets...
Race Condition
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Race Condition through server-side rendering context handling in createContext and useContext. An attacker can read another in-flight request’s provided value by causing an async componen...
Memory Allocation with Excessive Size Value
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the image parsing process. An attacker can cause excessive memory consumption by...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Include.parse process. An attacker can access arbitrary files outside the intended markdown directory by supplying crafted include paths when markdown files are processed using md.read. Details A Directory...
Excessive Iteration
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Excessive Iteration via the processing of repeated malformed cross-reference streams. An attacker can cause excessive resource...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the push/pull state-handling process. An attacker can cause memory exhaustion and terminate the process by sending crafted network traffic to the gossip listener. This is only...
Cross-site Scripting (XSS)
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS n the credential management flow, where the Authorization URL field of an OAuth2 credential accepts a javascript: URL that is not sanitized before being wired to the OAuth...
Incorrect Authorization
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incorrect Authorization in the evaluations test run creation endpoint POST /workflows/workflowId/test-runs/new, which authorizes against the workflow:read scope instead of workflow:execute. A user...
SQL Injection
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to SQL Injection in the MySQL v1 node's executeQuery operation, which interpolates evaluated ... expression values directly into raw SQL strings without parameterization. An attacker can execute...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the getAuthorizedSpaces function of the gitspaces endpoint. An attacker can gain unauthorized access to information by sending crafted requests to the affected API endpoint. Remediatio...
Arbitrary Command Injection
Overview openllm is an OpenLLM: Self-hosting LLMs Made Easy. Affected versions of this package are vulnerable to Arbitrary Command Injection via the asyncruncommand function in the Model Repository Directory Name Handler process. An attacker can execute arbitrary system commands by manipulating t...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via unsanitized data source input in the process. An attacker can execute arbitrary SQL commands and gain unauthorized access to sensitive data or create accounts with attacker-controlled credentials by influencing a...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...
Missing Authentication for Critical Function
Overview github.com/dgraph-io/dgraph/edgraph is a Dgraph is a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...