35669 matches found
Allocation of Resources Without Limits or Throttling
Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the pop filter, which allocates a full clone of its input array without...
Improper Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...
Improper Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...
Arbitrary Code Injection
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection via the createguardrail, updateguardrail, deleteguardrail, and patchguardrail handlers in the guardrails API. An attacker can upload or modify cust...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function in the wire protocol when processing gzip-compressed messages. An attacker can cause excessive memory allocation and service unavailability by sendin...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function in the wire protocol when processing gzip-compressed messages. An attacker can cause excessive memory allocation and service unavailability by sendin...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function in the wire protocol when processing gzip-compressed messages. An attacker can cause excessive memory allocation and service unavailability by sendin...
External Control of File Name or Path
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....
Authentication Bypass Using an Alternate Path or Channel
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the OAuth2 passthrough fallback in MCPRequestHandler.processmcprequest in...
Directory Traversal
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Directory Traversal via path traversal in the skill archive extraction logic in SkillPromptInjectionHandler and SkillsSandboxExecutor. An authenticated user with access to...
Infinite loop
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in the inline image decoding code in pypdf/generic/imageinline.py. An attacker can hang text extraction or other...
Directory Traversal
Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Directory Traversal via the bin field when it contains .. pa...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview httplib2 is a small HTTP client library for Python. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the decompressContent function in httplib2/init.py. An attacker can exhaust memory and crash the client by sendin...
Insertion of Sensitive Information into Log File
Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the...
Infinite loop
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in ContentStream.readinlineimage in pypdf/generic/datastructures.py. An attacker can hang text extraction or any oth...
Directory Traversal
Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Directory Traversal through improper validation of package...
Incorrect Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the subscribe process. An attacker can gain unauthorized access to...
Incorrect Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the subscribe process. An attacker can gain unauthorized access t...
NULL Pointer Dereference
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the serve...
NULL Pointer Dereference
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the server t...
Incorrect Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...
Incorrect Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...
Improper Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...
Improper Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...
Incorrect Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the MQTT retained message delivery and QoS1+ durable replay process...
Incorrect Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the MQTT retained message delivery and QoS1+ durable replay...
Improper Authentication
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies ...
Allocation of Resources Without Limits or Throttling
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the MQTT CONNECT packet parser, which...
Improper Authentication
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies a...
Allocation of Resources Without Limits or Throttling
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the MQTT CONNECT packet parser, whic...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the readFileFromDisk function in tool-file-uploads.ts. An attacker can exfiltrate sensitive local files by prompt-injecting tool arguments that point the upload path at credential files such as...
Open Redirect
Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Open Redirect via the filefetch function in the /gradioapi/file= endpoint. An attacker can redirect users to arbitrary URLs or access internal...
Injection
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Injection in the MQTT SUBSCRIBE handling, which forwards protocol control characters from...
Injection
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Injection in the MQTT SUBSCRIBE handling, which forwards protocol control characters from...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of AuthorizedKeysFile path expansion in the authentication. An attacker can gain unauthorized access to files outside the intended authorized-keys directory by supplying a path containing a...
Symlink Attack
Overview github.com/hashicorp/nomad/helper/escapingfs is a simple and flexible workload orchestrator to deploy and manage containers docker, podman, non-containerized applications executable, Java, and virtual machines qemu across on-prem and clouds at scale. Nomad is supported on Linux, Windows,...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the Docker task driver when a job submitter is able to bind-mount a host path into a container despite volume bind mounts being disabled. An attacker can gain unauthorized access to read and write files on the host...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the scp.py file when handling filenames provided by a remote server. An attacker can overwrite arbitrary files on the client filesystem by sending specially crafted filenames containing directory traversal...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the dynamic host volumes feature. An attacker can delete a sticky volume claim belonging to a job in another namespace by leveraging host volume delete permissions in a different namespace. Remediation Upgrad...
Incorrect Authorization
Overview github.com/hashicorp/nomad/nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations. Affected...
Symlink Attack
Overview github.com/hashicorp/consul-template/template is a template rendering, notifier, and supervisor for @hashicorp Consul and Vault data Affected versions of this package are vulnerable to Symlink Attack via the writeToFile function. An attacker can cause template output to be written outsid...
Inefficient Algorithmic Complexity
Overview elysia is an Ergonomic Framework for Human Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the getAll function in form data normalization for multipart/form-data endpoints. An attacker can cause excessive CPU consumption by submitting a large...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the allowprivileged restriction enforcement within the Docker task driver's host namespace mode options. An attacker can access sensitive information from the host or other workloads on the same client by...
Cross-site Scripting (XSS)
Overview @platejs/media is a Plate Media plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via the useMediaState file. An attacker can execute arbitrary JavaScript in the context of the victim's browser by crafting a document that sets a trusted video provider...
Integer Overflow or Wraparound
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Connz connection monitoring pagination handler, which...
Uncaught Exception
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...
Uncaught Exception
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...
Integer Overflow or Wraparound
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Connz connection monitoring pagination handler, which...
Incorrect Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the parser path for non-CONNECT initial client operations, which...
Incorrect Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization in the parser path for non-CONNECT initial client operations, which...