Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HTTP-based namespace verification process. An attacker can access internal or private network resources by supplying specially crafted IPv6 addresses that bypass the intended address allowlist...

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection in the login process due to improper escaping of user-supplied input before it is incorporated into LDAP search filters. An attacker can enumerate valid usernames and extract sensitive attribute data from the connected LD...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound through the lybreadstring function in src/parserlyb.c when parsing a specially crafted LYB binary blob. An attacker can cause a crash or corrupt the heap by supplying malicious LYB data to a consumer of th...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the websiteUrl field, which is interpolated into an HTML attribute without proper encoding of quote characters. An attacker can execute arbitrary JavaScript in the context of users visiting the catalogue UI b...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via spoofed X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a shared token. An attacker can gain unauthorized access to owner or organization-scoped lease operations by injecting malicious...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the process that handles environment variable allowlisting in repository-local configuration. An attacker can access sensitive environment variables, including API tokens and credentials, by forwarding them...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to insufficient enforcement of length and entropy requirements for the JWTSECRET configuration value. An attacker can gain unauthorized access to user accounts by forging authentication tokens using we...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the HEIF decoder due to a subimage metadata mismatch. An attacker can achieve memory corruption and potentially execute arbitrary code by supplying a specially crafted image file. Remediation Upgrade...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper bounds checking in the decodepixel process. An attacker can trigger an out-of-bounds read by supplying a specially crafted TGA paletted image that causes integer wraparound during palette index...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the ConvertCbYCrYToRGB function. An attacker can cause a heap out-of-bounds write by supplying crafted image data that triggers a signed integer overflow in the pixel-loop index expression, potentially...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the process that generates uninstall scripts from uploaded software packages, due to improper sanitization of metadata fields. An attacker can execute arbitrary commands with elevated privileges on managed endpoints...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the process that generates uninstall scripts from uploaded software packages, due to improper sanitization of metadata fields. An attacker can execute arbitrary commands with elevated privileges on managed endpoints...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the softimageinput.cpp process when handling RLE decoding. An attacker can cause a heap buffer overflow by submitting a crafted .pic file with a manipulated run length value that exceeds the scanline width...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the sgiinput.cpp process when handling SGI RLE image files. An attacker can cause a heap buffer overflow and crash the application by supplying a crafted .sgi file with an RLE count exceeding the scanline width...

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the PublishLogs endpoint. An authenticated gRPC request from an enrolled launcher host can cause the server process to panic and terminate unexpectedly. Remediation Upgrade...

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the PublishLogs endpoint. An authenticated gRPC request from an enrolled launcher host can cause the server process to panic and terminate unexpectedly. Remediation Upgrade...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the export process. An attacker can write files to arbitrary locations on the filesystem by uploading an asset with a crafted filename containing directory traversal sequences and then triggering an administrator...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the export process. An attacker can write files to arbitrary locations on the filesystem by uploading an asset with a crafted filename containing directory traversal sequences and then triggering an administrator...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the SwapRGBABytes process. An attacker can trigger out-of-bounds memory access by supplying a specially crafted kABGR DPX image with large dimensions, leading to potential reading from or writing to unintended...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the QueryRGBBufferSizeInternal function when processing crafted DPX image files. An attacker can cause a heap-based out-of-bounds write by supplying a specially crafted DPX file that triggers an integer...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the jpeg2000input.cpp process when calculating buffer size using signed 32-bit arithmetic. An attacker can trigger a heap overflow by providing crafted image dimensions that cause integer overflow,...

Embedded Malicious Code

Overview node-ipc is an A nodejs module for local and remote Inter Process Communication IPC, Neural Networking, and able to facilitate machine learning. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an advanced credential-stealing infostealer. A...

Exposure of Sensitive Information Through Environmental Variables

Overview utcp-cli is an UTCP communication protocol plugin for wrapping local command-line tools. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables via the prepareenvironment function. An attacker can access and exfiltrate...

Command Injection

Overview utcp-cli is an UTCP communication protocol plugin for wrapping local command-line tools. Affected versions of this package are vulnerable to Command Injection via the substituteutcpargs function. An attacker can execute arbitrary shell commands by supplying crafted input to the toolargs...

Server-side Request Forgery (SSRF)

Overview @utcp/http is a HTTP utilities for UTCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the OpenApiConverter process. An attacker can access internal network resources and sensitive metadata endpoints by supplying a malicious OpenAPI specification...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the regConfig parameter in full-text search APIs. An attacker can execute arbitrary SQL commands by supplying crafted input to the regConfig parameter, which is interpolated directly into SQL statements without...

User Impersonation

Overview @samanhappy/mcphub is an A hub server for mcp servers Affected versions of this package are vulnerable to User Impersonation via the sseUserContextMiddleware process. An attacker can gain unauthorized access to user sessions and perform actions as any user, including administrators, by...

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper serialization of hydratable promises. An attacker can execute arbitrary scripts in the context of the affected application by supplying specially...

Use of Password Hash With Insufficient Computational Effort

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

Improper Verification of Source of a Communication Channel

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via the single-instance socket process. An attacker can execute arbitrary code by sending a crafted JSON...

Server-side Request Forgery (SSRF)

Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl process. An attacker can gain unauthorized access to internal resources by supplying ...

Arbitrary Code Injection

Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the runtests process. An attacker can execute arbitrary code by introducing malicious test code into a...

Server-side Request Forgery (SSRF)

Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl process. An attacker can access sensitive internal resources by supplying a URL that...

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of attribute spreading and dynamic name attributes within form elements. An attacker can inject malicious scripts by manipulating both the sprea...