36149 matches found
Directory Traversal
Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Directory Traversal through the securepopen process. An attacker can write arbitrary files, execute arbitrary commands, or exfiltrate data by modifying configuration values to...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...
Improper Neutralization of Special Elements in Data Query Logic
Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the enrichContext process. An attacker can access and modify all documents in connected NoSQL databases by injecting crafted...
Command Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection via the sanitizeFFmpegCommand process. An attacker can execute arbitrary operating system commands by injecting a single & character into the...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the CDCServlet process. An attacker can gain access to a user's session by inducing a logged-in user to visit a crafted URL, which results in the user's session token being sent to a...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the session management endpoint. An attacker can access session credentials of other users, including those with higher privileges, by making authenticated requests with knowledge of a target user's identity...
Cross-site Scripting (XSS)
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the webhook verification endpoints in the Meta, WhatsApp and Microsoft Teams trigger nodes, where a query parameter is reflected into the HTTP response without proper...
Missing Authentication for Critical Function
Overview @n8n/mcp-browser is a Browser automation MCP tools built on Playwright, WebDriver BiDi, and safaridriver Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the MCP server’s HTTP request handling. An attacker can take over a user’s...
Exposure of Data Element to Wrong Session
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session via the combineBySql Merge-node SQL Query path in combineBySql.ts. An authenticated attacker can poison the shared SQL sandbox by supplying a workflow that...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decompress operation in the Compression node. An attacker can cause the process to terminate and disrupt all workflows by sendi...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decompress operation in the Compression node. An attacker can cause the process to terminate and disrupt all workflows by sending a specially crafted compressed...
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection through the prepareItems logic used by the findOneAndReplace, findOneAndUpdate, and update operations in GenericFunctions.ts and MongoDb.node.ts. An authenticated workflow editor can...
Prototype Pollution
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the Microsoft SQL node’s createTableStruct and related table-grouping logic in MicrosoftSql.node.ts and GenericFunctions.ts. An authenticated user who can create or modify...
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection in the postgres and timescaleDb nodes, which incorporate node parameters into database queries without adequate parameterization. A user with permission to create or modify workflows c...
Cross-site Scripting (XSS)
Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Suppressed Command notifications process. An attacker can execute arbitrary HTML or JavaScript code by convincing a user to print a specially crafte...
Malicious Package
Overview backoffice-charges-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @muaththir/api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview aillmgen is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview cursorai-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @ravespaceio/rave-engine is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @ravespaceio/browser-input is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview calculate-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview web3-token-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview vitest-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview chalk-ultra is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview sync-external is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview server-parket is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview mjs-eslint-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ts-sudo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview mjs-eslint-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ts-arithmetic-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview parket-flow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview ts-predict-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the fetchcompletions function in reduce methods. An attacker can execute arbitrary commands by embedding...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the profile.Profile.runctx function. An attacker can execute arbitrary code by crafting a malicious pickl...
Malicious Package
Overview new-mjs-eslint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview new-solt-1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview new-ts-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview poly-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview new-eslint-1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview eslint-helper-1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview new-ecro-1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview new-solt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview new-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview new-ecro-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview ts-numbering is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview local-ip-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...