35325 matches found
Malicious Package
Overview none123s is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview txs-builder-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Directory Traversal
Overview mcp-text-editor is a MCP Text Editor Server - Edit text files via MCP protocol Affected versions of this package are vulnerable to Directory Traversal via the validatefilepath function. An attacker can access or modify files outside the intended directory by supplying crafted input to th...
Cross-site Request Forgery (CSRF)
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the modules/plugins.php process. An attacker can trigger unauthorized plugin installation,...
Arbitrary Code Injection
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection in the actionRenderCardPreview process. An attacker can execute arbitrary PHP code and disclose sensitive information by injecting malicious event handlers into the...
Directory Traversal
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Directory Traversal via the actionIcon process. An attacker can access arbitrary local .svg files by supplying crafted traversal sequences in the extension parameter, allowing disclosure of...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Improper Validation of Specified Quantity in Input
Overview pymonocypher is a Python ctypes bindings to the Monocypher library Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the argon2i32 function when the provided buffer for nbblocks is too small. An attacker can cause memory corruption ...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the slug field during the export process. An attacker can cause arbitrary files and directories to be created or overwritten outside the intended export directory by submitting specially...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the slug field during the export process. An attacker can cause arbitrary files and directories to be created or overwritten outside the intended export directory by submitting specially...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the GetNotesByBookID function. An attacker can access metadata of soft-deleted notes belonging to any public book by sending unauthenticated requests with the deleted query parameter set to true. This allows...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the VALUE regex pattern within the selector parsing process. An attacker can cause excessive CPU consumption and block server threads by submitting specially crafted attribute selectors with...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the compile function. An attacker can cause excessive memory consumption by supplying a large comma-separated selector list, leading to process termination or degraded system...
External Control of File Name or Path
Overview phantom-audio is an AI audio engineering system -- makes Claude a professional audio engineer Affected versions of this package are vulnerable to External Control of File Name or Path via unconfined tool path handling and lack of input size restrictions. An attacker can write or overwrit...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the DefaultHttpClient process, which follows redirects and forwards sensitive headers such as Authorization, Cookie, and Proxy-Authorization to redirect targets across domain boundaries. An attack...
Insufficiently Protected Credentials
Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the DefaultHttpClient proces...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the process handling HTTP redirections. An attacker can exhaust system resources and cause service disruption by triggering an infinite redirect loop. Remediation Upgrade...
Infinite loop
Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to Infinite loop due to the lack of a maximum redirect count in the...
Allocation of Resources Without Limits or Throttling
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the accumulation of Client instances in the clients list within the event management process. An...
Server-side Request Forgery (SSRF)
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isglobaladdress function. An attacker can access internal network resources or sensitive endpoints by supplying...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to invalid limit option handling in normalizeOptions in lib/utils.js. An attacker can force oversized request bodies through by supplying an application configuration value for...
Malicious Package
Overview nodemon-sudo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview tslint-conf is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview rio-design-tokens is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview n8n-nodes-mcputils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview mchain-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview chain-api-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview airkey-mfa-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview gitlens is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview poc-node-npm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview security-console-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview fusion-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview breeze-feature-flag-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview qlkube is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview feedback-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview rabi-snooze-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview bizapi-portal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ActiveDirectoryIdentityProvider process. An attacker can gain elevated permissions in Kubernetes clusters by editing the distinguished name DN of group entries in the Active Directory server's databa...
Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CORSFilter process. An attacker can access sensitive administrative REST endpoints by enticing an authorized user to visit a malicious web page, which then issues cross-origin requests and...