35936 matches found
Heap-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to incorrect handling of arguments in the JP2 encoder. An attacker can cause a heap buffer over-write by supplying specially crafted arguments during image processing. Remediation A fix was pushed into the...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Sensitive Cookie with Improper SameSite Attribute
Overview org.asynchttpclient:async-http-client is a maven plugin for the Async Http Client AHC classes. Affected versions of this package are vulnerable to Sensitive Cookie with Improper SameSite Attribute via ThreadSafeCookieStore in ThreadSafeCookieStore.add.... An attacker can plant a cookie f...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via unsafe JavaBean materialization in com.mchange.v2.naming.JavaBeanObjectFactory. An attacker can trigger arbitrary class construction and property initialization by supplying a malicious JNDI Referen...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the realm parameter in the authentication process. An attacker can cause the client to send requests to internal network endpoints or transmit credentials over an unencrypted channel by controlling t...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the realm parameter in the authentication process. An attacker can cause the client to send requests to internal network endpoints or transmit credentials over an unencrypted channel by controlling t...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the json.NewDecoder process in multiple API endpoints that lack a body-size cap. An attacker can exhaust system memory and cause service disruption by sending large, unbounded JSO...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the json.NewDecoder process in multiple API endpoints that lack a body-size cap. An attacker can exhaust system memory and cause service disruption by sending large, unbounded JSO...
Prototype Pollution
Overview @hey-api/openapi-ts is a 🌀 OpenAPI to TypeScript code generator. Production-grade SDKs, Zod schemas, TanStack Query hooks, and 20+ plugins. Used by Vercel, OpenCode, and PayPal. Affected versions of this package are vulnerable to Prototype Pollution in the buildClientParams process. An...
Incorrect Implementation of Authentication Algorithm
Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the authentication provider's team membership evaluation process. An attacker can gain unauthorized access to resources or permissions assigned to other teams within the same...
Incorrect Implementation of Authentication Algorithm
Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the authentication provider's team membership evaluation process. An attacker can gain unauthorized access to resources or permissions assigned to other teams within the same...
Incorrect Implementation of Authentication Algorithm
Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the authentication provider's team membership evaluation process. An attacker can gain unauthorized access to resources or permissions assigned to other teams within the same...
Incorrect Implementation of Authentication Algorithm
Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the authentication provider's team membership evaluation process. An attacker can gain unauthorized access to resources or permissions assigned to other teams within the same...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the valuesFrom process. An attacker can gain unauthorized access to secrets and config maps across namespaces by crafting resources such as HelmOp or Bundle with references to arbitrary secrets, provided they...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the valuesFrom process. An attacker can gain unauthorized access to secrets and config maps across namespaces by crafting resources such as HelmOp or Bundle with references to arbitrary secrets, provided they...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the valuesFrom process. An attacker can gain unauthorized access to secrets and config maps across namespaces by crafting resources such as HelmOp or Bundle with references to arbitrary secrets, provided they...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via unsanitized repository URL components in the webhook endpoint when no secret is configured. An attacker can trigger continuous repository re-cloning, increasing network traffic and...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the addLabelsFromOptions function. An attacker can overwrite security-sensitive namespace labels by pushing changes to a monitored repository, thereby weakening admission controls and enabling...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JWKS key caching process. An attacker can gain unauthorized access to another issuer or tenant's resources by crafting a valid token for one allowed issuer and exploiting the cache...
Improper Verification of Cryptographic Signature
Overview org.webjars.npm:sigstore is a code-signing for npm packages Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required...
Improper Verification of Cryptographic Signature
Overview @sigstore/verify is a Verification of Sigstore signatures Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required...
Improper Verification of Cryptographic Signature
Overview @sigstore/cli is a Sigstore CLI Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required certificate extension OIDs neve...
Improper Verification of Cryptographic Signature
Overview sigstore is a code-signing for npm packages Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the certificateOIDs option being accepted by the public API but discarded before verification, resulting in required certificate extensi...
Insufficient Verification of Data Authenticity
Overview @sigstore/verify is a Verification of Sigstore signatures Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the integratedTime process. An attacker can manipulate time-based verification decisions by supplying a crafted bundle that set...
Weak Password Recovery Mechanism for Forgotten Password
Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password through the loginlink process. An attacker can gain unauthorized access to user accounts by reusing a previously issued password reset link after the password has been changed. Thi...
Integer Overflow or Wraparound
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Overflow or Wraparound
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Integer Overflow or Wraparound
Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Overflow or Wraparound
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Integer Overflow or Wraparound
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...