36119 matches found
CSV Injection
Overview Affected versions of this package are vulnerable to CSV Injection in the export process. An attacker can execute arbitrary spreadsheet formulas by submitting specially crafted form values that begin with formula trigger characters, which are then interpreted as live formulas when the...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Glide process. An attacker can cause the server to make unauthorized HTTP requests to internal network addresses by supplying a crafted URL that exploits DNS rebinding. Remediation Upgrade...
Directory Traversal
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Directory Traversal via the patch application process. An attacker can overwrite or delete arbitrary files on the filesystem by submitting a malicious .patch file containing crafted...
Insufficiently Protected Credentials
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the config and auth-header flow, which binds unscoped user-level npm authToken credentials to whatever default registry a repository-local .npm...
Relative Path Traversal
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Relative Path Traversal in dependency alias handling, which passes alias names from package metadata into dependency linking as path components and normalizes them with path.join...
Arbitrary Argument Injection
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Arbitrary Argument Injection in the git fetcher at fetching/git-fetcher/src/index.ts, which passes the lockfile's resolution.commit value into git fetch and git checkout without a --...
Insufficient Verification of Data Authenticity
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the default behavior of pnpm install, which accepts tarball content that does not match the integrity value recorded in the lockfile...
Incorrect Comparison
Overview js-toml is an A TOML parser for JavaScript/TypeScript, targeting TOML 1.0.0 Spec Affected versions of this package are vulnerable to Incorrect Comparison via the load process. An attacker can manipulate configuration values by supplying specially crafted TOML input that uses duplicate ke...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the urls field in the layer descriptor. An attacker can obtain authentication credentials by serving a manifest with a urls entry pointing to an attacker-controlled host and causing the client to...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the urls field in the layer descriptor. An attacker can obtain authentication credentials by serving a manifest with a urls entry pointing to an attacker-controlled host and causing the client to...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the access control process when domains are not properly canonicalized in highly specific edge cases. An attacker can gain unauthorized access to resources by crafting requests with domain names containing...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the access control process when domains are not properly canonicalized in highly specific edge cases. An attacker can gain unauthorized access to resources by crafting requests with domain names containing...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the lack of ownership verification in the terminalStream and fmStream processes. An attacker can gain unauthorized interactive shell access or full file-manager control on the target server by obtaining a...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the API key management process. An attacker can perform unauthorized key-management operations, such as creating, listing, or revoking API keys for other owners or escalating privileges by generating keys with...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the API key management process. An attacker can perform unauthorized key-management operations, such as creating, listing, or revoking API keys for other owners or escalating privileges by generating keys with...
Regular Expression Denial of Service (ReDoS)
Overview js-toml is an A TOML parser for JavaScript/TypeScript, targeting TOML 1.0.0 Spec Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the parseBigInt function used by the load process. An attacker can cause excessive CPU consumption and block...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the tiff decoder. An attacker can cause a panic and potentially disrupt service by providing a specially crafted image file with an out-of-bounds strip offset. Remediation Upgrade github.com/golang/image/tiff to...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the tiff decoder. An attacker can cause a panic and potentially disrupt service by providing a specially crafted image file with an out-of-bounds strip offset. Remediation Upgrade golang.org/x/image/tiff to versio...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the StorageInterface.parentTraversalGuard function. An attacker can access arbitrary files on the host filesystem by submitting a specially crafted kestra:// URI containing URL-encoded directory traversal...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to improper path validation in the AuthenticationFilter process. An attacker can execute arbitrary code with root privileges inside the worker container by bypassing authentication and creating or running workflows...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Control Panel fieldtype endpoints. An attacker can access metadata and content for resources without proper permissions by sending crafted requests as an authenticated user. Remediation Upgrade statamic/c...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the file-download API endpoint in the LocalStorage process. An attacker can access arbitrary files on the server filesystem, including sensitive data such as embedded databases, secrets, and environment variables...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the file-download API endpoint in the LocalStorage process. An attacker can access arbitrary files on the server filesystem, including sensitive data such as embedded databases, secrets, and environment variables...
Use of Password Hash With Insufficient Computational Effort
Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort in the BasicAuth authentication process. An attacker can recover administrator credentials by performing offline brute-force attacks against SHA-512 password hashes obtained fr...
Missing Authorization
Overview line-desktop-mcp is a MCP Server for LINE Desktop Automation via GUI scripting Affected versions of this package are vulnerable to Missing Authorization in the --http-mode process. An attacker can access and control LINE Desktop read and send tools by sending requests to the /mcp endpoin...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the proxy process. An attacker can access internal network resources and cloud metadata endpoints by exploiting a race condition between DNS validation and the actual HTTP request, using DNS rebinding...
Missing Support for Integrity Check
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Missing Support for Integrity Check involving GitHub git dependencies, because the tarball hash for packages resolved from codeload.github.com is not recorded in the lockfile. An...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the web UI handlers responsible for managing hosts and networks. An attacker can gain unauthorized access to sensitive information and perform destructive actions across resources owned by other operators by...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the web UI handlers responsible for managing hosts and networks. An attacker can gain unauthorized access to sensitive information and perform destructive actions across resources owned by other operators by...
Unlock of a Resource that is not Locked
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Unlock of a Resource that is not Locked in the editUser and updateUserRights processes. An attacker can gain unauthorized SuperAdmin privileges or grant...
Unlock of a Resource that is not Locked
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Unlock of a Resource that is not Locked in the editUser and updateUserRights processes. An attacker can gain unauthorized SuperAdmin privileges or grant...
Directory Traversal
Overview patool is a portable archive file manager Affected versions of this package are vulnerable to Directory Traversal in the safeextract function in patoolib/programs/pytarfile.py when running on Python versions before 3.12, due to the use of os.path.commonprefix for character-level string...
Prototype Pollution
Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Prototype Pollution via the deepCopy and replaceCircularReferences utilities in utils.ts. An attacker can inject crafted proto, constructor, or prototype fields in a public webhook payload tha...
Server-side Request Forgery (SSRF)
Overview @cardano402/mcp-server is a MCP server that exposes paid HTTP endpoints as MCP tools, paying via the x402 Cardano scheme. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through improper validation of catalog.server.url and insecure HTTP transport...
Missing Authentication for Critical Function
Overview mcp-pinot-server is an A production-grade MCP server for Apache Pinot Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the default configuration where authentication is disabled and the HTTP server binds to all network interfaces. An...
Missing Authorization
Overview mcp-memory-service is an Open-source persistent memory for AI agent pipelines and Claude. REST API + semantic search + knowledge graph + autonomous consolidation. Self-host, zero cloud cost. Affected versions of this package are vulnerable to Missing Authorization through the tools/call...
Prototype Pollution
Overview @deepstream/server is an a scalable server for realtime webapps Affected versions of this package are vulnerable to Prototype Pollution via the message processing pipeline. An attacker can escalate privileges and potentially gain unauthorized access or modify sensitive data by sending...
Cross-site Scripting (XSS)
Overview dosage is an a comic strip downloader and archiver Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML and RSS output handlers, which write unescaped user-controlled content such as comic text and page URLs directly into generated files. An attacker...
Uncontrolled Recursion
Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...
Allocation of Resources Without Limits or Throttling
Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...
Replay Attack
Overview Affected versions of this package are vulnerable to Replay Attack in the signed-poll process due to the nonce cache being stored in-memory and limited in size. An attacker can obtain unauthorized access to a freshly-minted enrollment token by replaying a previously captured signed-poll...
Replay Attack
Overview Affected versions of this package are vulnerable to Replay Attack in the signed-poll process due to the nonce cache being stored in-memory and limited in size. An attacker can obtain unauthorized access to a freshly-minted enrollment token by replaying a previously captured signed-poll...
Replay Attack
Overview Affected versions of this package are vulnerable to Replay Attack in the signed-poll process due to the nonce cache being stored in-memory and limited in size. An attacker can obtain unauthorized access to a freshly-minted enrollment token by replaying a previously captured signed-poll...
Replay Attack
Overview Affected versions of this package are vulnerable to Replay Attack in the signed-poll process due to the nonce cache being stored in-memory and limited in size. An attacker can obtain unauthorized access to a freshly-minted enrollment token by replaying a previously captured signed-poll...
Insertion of Sensitive Information into Log File
Overview web-auth/webauthn-symfony-bundle is a FIDO2/Webauthn Security Bundle For Symfony. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the onAuthenticationSuccess and onAuthenticationFailure processes. An attacker can obtain sensitive...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the ServerConnection process. An attacker can bypass application-level size limits or cause incorrect application behavior by sending HTTP/2 DATA frames with a total byte count that does not match the declared...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the ServerConnection process. An attacker can bypass application-level size limits or cause incorrect application behavior by sending HTTP/2 DATA frames with a total byte count that does not match the declared...
NULL Pointer Dereference
Overview muhammara is a Create, read and modify PDF files and streams. A drop in replacement for hummusjs PDF library Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateFilterForStream process when handling PDF streams with /Filter /LZWDecode and a...
Information Exposure
Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Information Exposure via the email update process. An attacker can determine whether specific email addresses are registered by sending repeated requests and observing the system's responses...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the fchmodat function. An attacker can modify file permissions outside the intended container environment by creating symlinks to files on the host system and invoking permission changes through the exposed operation...