Lucene search

31876 matches found

Snyk
added 2026/05/23 9:0 p.m., 12 views

Malicious Package

Overview eth-security-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/23 9:0 p.m., 15 views

Malicious Package

Overview data-pipeline-check is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/23 9:0 p.m., 9 views

Malicious Package

Overview cryptowallet-safety is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/23 9:0 p.m., 12 views

Malicious Package

Overview solidity-build-guard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/23 9:0 p.m., 13 views

Malicious Package

Overview env-loader-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/23 9:0 p.m., 10 views

Malicious Package

Overview git-config-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/23 9:0 p.m., 12 views

Malicious Package

Overview defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/23 3:46 p.m., 11 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 3:46 p.m., 12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 3:46 p.m., 7 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 3:46 p.m., 12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 3:46 p.m., 7 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 9 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/util to version 2.2.0 or...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 9 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/metrics to version 2.2.0...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 11 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/gmm to version 2.2.0 or...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 9 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/ngap to version 2.2.0 or...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 9 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/nas/nassecurity to versi...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 8 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 9 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 5 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 5 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:44 p.m., 8 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:42 p.m., 12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:42 p.m., 7 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:42 p.m., 9 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:42 p.m., 5 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 1:42 p.m., 10 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

6.5 CVSS, 6.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/23 12:0 a.m., 11 views

Directory Traversal

Overview org.springframework.ai:spring-ai-anthropic is an Anthropic models support Affected versions of this package are vulnerable to Directory Traversal via filename handling in the API support. An attacker can perform path traversal by supplying LLM-influenced filenames that are used unsanitiz...

8.7 CVSS, 6.3 AI score, 0.00398 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 11:49 p.m., 9 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the core sequence parsing process. An attacker can cause a crash or denial of service by providing a specially crafted HEIF file that manipulates the stco.entrycount, saio.entrycount, and saiz.samplecount values to...

7.1 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits: 1, References: 2

Snyk
added 2026/05/22 11:49 p.m., 8 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SampleAuxInfoReader constructor when parsing a specially crafted HEIF sequence file containing a saiz box that declares more samples than exist in the track's chunk table. An attacker can cause a heap buffer...

8.1 CVSS, 5.9 AI score, 0.00302 EPSS
Exploits: 1, References: 2

Snyk
added 2026/05/22 9:41 p.m., 8 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...

8.1 CVSS, 5.9 AI score, 0.00392 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 9:41 p.m., 6 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...

8.1 CVSS, 5.9 AI score, 0.00392 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 9:0 p.m., 13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8 CVSS, 6.5 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/22 9:0 p.m., 11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8 CVSS, 6.5 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/22 9:0 p.m., 10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8 CVSS, 6.5 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/22 9:0 p.m., 11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

9.8 CVSS, 6.5 AI score
Exploits: 0, References: 2

Snyk
added 2026/05/22 7:38 p.m., 5 views

Deserialization of Untrusted Data

Overview amazon-braket-sdk is an An open source library for interacting with quantum computing devices on Amazon Braket Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserializevalues function in job results processing component. An attacker can...

7.5 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 6:28 p.m., 10 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NewNTUnicodeString function. An attacker can cause a truncated string rather than an error to be returned by convincing a user to access a filename of excessive length. Remediation Upgrade...

4.8 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 3

Snyk
added 2026/05/22 6:28 p.m., 8 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NewNTUnicodeString function. An attacker can cause a truncated string rather than an error to be returned by convincing a user to access a filename of excessive length. Remediation Upgrade...

4.8 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 3

Snyk
added 2026/05/22 5:48 p.m., 11 views

Always-Incorrect Control Flow Implementation

Overview Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the OAuth reauthentication for stale sessions. An attacker can perform unauthorized account actions by completing OAuth verification wit...

7.6 CVSS, 5.8 AI score, 0.00035 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 5:48 p.m., 10 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the OAuth reauthentication for stale sessions. An attacker can perform unauthorized account actions by completing OAuth verification with their own identity in a stale, authenticated victi...

7.6 CVSS, 5.8 AI score, 0.00035 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 5:42 p.m., 11 views

Cross-site Scripting (XSS)

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeQuoted function, which does not properly handle characters in DOCTYPE data. An attacker can cause the...

6.1 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits: 0, References: 3

Snyk
added 2026/05/22 5:42 p.m., 7 views

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeQuoted function, which does not properly handle characters in DOCTYPE data. An attacker can cause the...

6.1 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits: 0, References: 3

Snyk
added 2026/05/22 5:42 p.m., 7 views

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the readStartTag function in the Tokenizer. An attacker can cause the execution of scripts in the context of t...

6.1 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits: 0, References: 3

Snyk
added 2026/05/22 5:42 p.m., 8 views

Cross-site Scripting (XSS)

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the readStartTag function in the Tokenizer. An attacker can cause the execution of scripts in the context of the...

6.1 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits: 0, References: 3

Snyk
added 2026/05/22 5:42 p.m., 12 views

Cross-site Scripting (XSS)

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the inBodyEndTagOther function, when rendering sanitized HTML. An attacker can cause the execution of scripts i...

6.1 CVSS, 5.7 AI score, 0.00188 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 5:42 p.m., 6 views

Cross-site Scripting (XSS)

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the inBodyEndTagOther function, when rendering sanitized HTML. An attacker can cause the execution of scripts in the...

6.1 CVSS, 5.7 AI score, 0.00188 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 5:42 p.m., 6 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

9.6 CVSS, 5.6 AI score, 0.00344 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 5:42 p.m., 6 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

9.6 CVSS, 5.6 AI score, 0.00344 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/22 5:42 p.m., 8 views

Cross-site Scripting (XSS)

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the childTextNodesAreLiteral function in render.go. An attacker can cause the execution of scripts in the context o...

6.1 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits: 0, References: 3

Total number of security vulnerabilities: 31876