Herbs & Flowers Dictionary Project Security Vulnerabilities

osv

Malicious code in dist-web (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ff355bd5f2422ce630aeb0652869d4bdaa8f3f18cf576fc60a76588f3acf36b4) The OpenSSF Package Analysis project identified 'dist-web' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:31 AM
2
osv

Malicious code in diesel-site (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bb78d01ad7ff8d210d59657017d35725abab41a1e59657ff43ac4ac0889ac493) The OpenSSF Package Analysis project identified 'diesel-site' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:29 AM
6
osv

Malicious code in apache2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (12b1a6eed914c86f199b052822217042e2afa047d6b1d9921fd30b56f1e5e650) The OpenSSF Package Analysis project identified 'apache2' @ 1.1.9 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 04:39 PM
5
osv

Malicious code in bageth (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e0fb8d217f32446aeb4dbf744d45c5aadd152f0917a228ead1ad0183ac18b995) The OpenSSF Package Analysis project identified 'bageth' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package communicates...

7.1 AI Score

2024-06-29 05:28 PM
1
osv

Malicious code in kiln-desktop (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ef3b624dee4eb3ef776b321ad28eddf3bc2d6cde2852fdcb47b0ef795047c6bf) The OpenSSF Package Analysis project identified 'kiln-desktop' @ 2.2.0 (npm) as malicious. It is considered malicious because: The package...

7.1 AI Score

2024-06-29 05:55 PM
2
osv

Malicious code in bistrosk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (275abca8527ba6a0a29bf30537bad45fb01533a199b59ca9543da88dda4f8334) The OpenSSF Package Analysis project identified 'bistrosk' @ 200.0.3 (npm) as malicious. It is considered malicious because: The package...

7.2 AI Score

2023-11-02 12:58 PM
12
debiancve

CVE-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker to leak content of a private repository in a public...

7.5 CVSS

6.6 AI Score

0.001 EPSS

2024-06-27 12:15 AM
1
ubuntucve

CVE-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via...

6.8 CVSS

6.5 AI Score

0.0005 EPSS

2024-07-01 12:00 AM
1
osv

Malicious code in falsepositivecheck6969 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cef392714b654bd14df8ba24c491e8844b54e08fee392bff62632f7f3e5d6fa1) The OpenSSF Package Analysis project identified 'falsepositivecheck6969' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The...

7.1 AI Score

2023-04-29 02:29 AM
3
osv

Malicious code in zsbpwebsdktest (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (347bc418b55e9092cd6a48ff3f93f328085fa2c4192ba6dc2c5cf062c3d10c20) The OpenSSF Package Analysis project identified 'zsbpwebsdktest' @ 9999.99.91 (npm) as malicious. It is considered malicious because: - The package....

7.1 AI Score

2023-04-30 10:47 PM
3
osv

Malicious code in zsbpwebsdk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bf63d69adabe277a69df70ff7c39dd42b81fad4f512f8204458dc438d7edfb7d) The OpenSSF Package Analysis project identified 'zsbpwebsdk' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 02:23 AM
1
osv

Malicious code in stateful-fastclick (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5a06e5b71a04fa67ca20937e8e438c638644db87d181799a046d22c568e6c4c5) The OpenSSF Package Analysis project identified 'stateful-fastclick' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package.....

7.1 AI Score

2023-05-01 02:11 PM
4
osv

Malicious code in myattenuator (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ea4131b4858e840e02fe12b2a8719cfe85598245a84e842b917dd595ea1af4e4) The OpenSSF Package Analysis project identified 'myattenuator' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-01 11:18 PM
3
osv

Malicious code in policycms (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (6fcf99ac2d853174c6d17fd728c94d9fd33306bddfc79312ba47ffe026e42606) The OpenSSF Package Analysis project identified 'policycms' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-07-20 09:22 PM
3
osv

Malicious code in back-alley (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (83d1eb07b6ba84ecc98bdd4ad2a1313b540e69509c08d8d66f4b2fe54a1986a7) The OpenSSF Package Analysis project identified 'back-alley' @ 1.1.0 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-05 04:47 AM
1
osv

Malicious code in confusedatma (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5708cd21986870186d2bf74eddcd5583472dd093668db44c4be3d889ce1417df) The OpenSSF Package Analysis project identified 'confusedatma' @ 9.9.9 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-05 04:16 AM
3
osv

CVE-2023-28639

GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2023-04-05 06:15 PM
4
osv

CVE-2023-28632

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore take over another user account through the "forgotten password" feature. By modifying emails, the user...

8.1 CVSS

6.8 AI Score

0.001 EPSS

2023-04-05 03:15 PM
5
osv

BIT-gitlab-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via...

6.8 CVSS

6.3 AI Score

0.0005 EPSS

2024-06-28 07:19 AM
5
osv

Malicious code in cyclotron-svc (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4f8b0a1aa798da64bb0b8fd50b7a301eb9c0bec31e520948a8b30275bcbe318b) The OpenSSF Package Analysis project identified 'cyclotron-svc' @ 5.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-09 04:17 AM
4
osv

Malicious code in verycoolzpac (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5375ee65b8d94a515b53e30980d783a66b8f75c2ad0f388f471e41b0dada5587) The OpenSSF Package Analysis project identified 'verycoolzpac' @ 0.39.9999 (npm) as malicious. It is considered malicious because: - The package...

6.9 AI Score

2023-05-12 03:49 AM
3
osv

Malicious code in smsobfuscate (PyPI)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (fa2efc28ecdebc90e41edd50503e199984f68d05cb13edab8b6e8d503d18e75c) The OpenSSF Package Analysis project identified 'smsobfuscate' @ 1.0.1 (pypi) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-10 11:54 AM
3
debiancve

CVE-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-06-27 12:15 AM
1
osv

CVE-2023-51446

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to...

8.1 CVSS

7.7 AI Score

0.001 EPSS

2024-02-01 06:15 PM
2
osv

Malicious code in @wdp-gov/lineage-component (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (d71a3c3672d613586050e5166426a68d0f5b4ab173d202c331b0259a3919c5a3) The OpenSSF Package Analysis project identified '@wdp-gov/lineage-component' @ 1.0.33 (npm) as malicious. It is considered malicious because: The...

7.1 AI Score

2024-06-26 12:41 PM
3
osv

CVE-2022-2227

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain...

4.3 CVSS

4.3 AI Score

0.001 EPSS

2022-07-01 04:15 PM
2
osv

Malicious code in @amops/fetch (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (d9eb323a3c294832e925d2ed472560ab37507fc32711add225d99db97b08bc74) The OpenSSF Package Analysis project identified '@amops/fetch' @ 1.4.1 (npm) as malicious. It is considered malicious because: The package...

7.1 AI Score

2024-06-23 02:28 PM
3
osv

BIT-gitlab-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to...

4.3 CVSS

6.3 AI Score

0.0004 EPSS

2024-06-28 07:22 AM
85
saint

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

8 AI Score

2024-06-27 12:00 AM
61
debiancve

CVE-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via...

6.8 CVSS

6.6 AI Score

0.0005 EPSS

2024-06-27 12:15 AM
3
osv

Malicious code in pcln-event-dispatcher (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (58d0757d5f390b101d520dbcfa438dc8fdf9197eccea3aae851f57a1cb09eeb3) The OpenSSF Package Analysis project identified 'pcln-event-dispatcher' @ 999999999.99.9 (npm) as malicious. It is considered malicious because: ...

7.1 AI Score

2024-03-07 05:24 AM
2
osv

Malicious code in cncf-interactive-landscape (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8d2b9d2c5124b5a628ea48abf890a34baae186cb6a3844fc2617ad57b21be8d9) The OpenSSF Package Analysis project identified 'cncf-interactive-landscape' @ 1.0.6 (npm) as malicious. It is considered malicious because: The...

6.9 AI Score

2023-08-24 05:00 AM
22
osv

Malicious code in repsol-uikit (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0ded61aa0f6be46c0b02bb6eb5deb82d4dd4830e41a76cdf52d9d21576c50c57) The OpenSSF Package Analysis project identified 'repsol-uikit' @ 9.999.0 (npm) as malicious. It is considered malicious because: The package...

7.4 AI Score

2023-08-31 10:36 PM
6
osv

Malicious code in hydra-consent-app-express (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (44bb7f6bf0f9abc4741ab850705b17f64105e289174cd87fd51831bc95b726c3) The OpenSSF Package Analysis project identified 'hydra-consent-app-express' @ 2.0.0 (npm) as malicious. It is considered malicious because: The...

6.9 AI Score

2023-08-26 06:06 AM
7
osv

Malicious code in eslint-config-web3-base (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e23c591b583354dc45114b2ff42008dd281f6a57772a8f5f59a249ab89f2fd84) The OpenSSF Package Analysis project identified 'eslint-config-web3-base' @ 0.1.2 (npm) as malicious. It is considered malicious because: The...

6.9 AI Score

2023-08-25 05:35 AM
11
osv

Malicious code in smart-commons (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3d5cef67a87cd4a497f6879379a3829535212f7d703197ce6d3130dd03fd2da6) The OpenSSF Package Analysis project identified 'smart-commons' @ 19.6.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-30 10:44 PM
3
osv

Malicious code in plain-function (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (2e38d4006afc6d5a3ce531ced341af81b57134a68230e68e52122825f587260e) The OpenSSF Package Analysis project identified 'plain-function' @ 20.1.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:31 AM
4
osv

Malicious code in links-3 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (870f8306aa2e95828fa2fdd771044248f7d5e8e715304b6818773620e5c7a1b2) The OpenSSF Package Analysis project identified 'links-3' @ 9.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-28 03:50 PM
2
osv

Malicious code in spamsynonym (PyPI)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bbc650ef44d412610406a674ac1fce3dcb717b01d175614f158016f47b53b1ce) The OpenSSF Package Analysis project identified 'spamsynonym' @ 1.1.1 (pypi) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-10 11:43 AM
6
osv

Malicious code in com.unity.xrtools.spatial-hash (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (efa5d123e10b0da3ed7e7898101f41654aa13a572def7acb40b838e0ef88e74b) The OpenSSF Package Analysis project identified 'com.unity.xrtools.spatial-hash' @ 2.0.0 (npm) as malicious. It is considered malicious because: -.....

7.1 AI Score

2023-05-08 10:57 AM
5
osv

CVE-2021-36782

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher...

9.9 CVSS

6.3 AI Score

0.066 EPSS

2022-09-07 09:15 AM
6
osv

Malicious code in xterm-addon-clipboard (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5cf6d3796e2698ca788f0833376dcbd11460b764506f5ffb63bdd8e71262113e) The OpenSSF Package Analysis project identified 'xterm-addon-clipboard' @ 6.0.7 (npm) as malicious. It is considered malicious because: The...

7.4 AI Score

2023-11-04 03:38 AM
3
osv

Malicious code in webpack-dev-server.legacy (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (85cd0dbb01e0045658eb423c4580a09f07f36ce5af1689227f99e72348cda4a6) The OpenSSF Package Analysis project identified 'webpack-dev-server.legacy' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The...

7.1 AI Score

2023-05-01 11:42 PM
3
osv

Malicious code in gql2ts-from-schema (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (7a1acee750c796d45e602f027ea638a05590a78bb142aca903bfb2bb169466a6) The OpenSSF Package Analysis project identified 'gql2ts-from-schema' @ 2.1.1 (npm) as malicious. It is considered malicious because: - The package.....

7.1 AI Score

2023-05-11 06:04 AM
4
osv

Malicious code in virgil-spring-boot-starter (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1d7b81762635da58744d7567d3ac4b1bf12da5d3c72070a9d2260d40463fcdbb) The OpenSSF Package Analysis project identified 'virgil-spring-boot-starter' @ 20.0.0 (npm) as malicious. It is considered malicious because: - The....

7.1 AI Score

2023-05-03 01:30 AM
7
vulnrichment

CVE-2022-0551 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...

6.3 CVSS

7.2 AI Score

0.001 EPSS

2022-03-24 02:15 PM
1
ubuntucve

CVE-2024-4901

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...

8.7 CVSS

5.8 AI Score

0.0004 EPSS

2024-07-01 12:00 AM
osv

CVE-2022-41859

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary...

7.5 CVSS

6.8 AI Score

0.002 EPSS

2023-01-17 06:15 PM
3
osv

CVE-2023-3413

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...

7.5 CVSS

6.8 AI Score

0.001 EPSS

2023-09-29 09:15 AM
1
osv

Malicious code in eslint-plugin-indeed (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0) The OpenSSF Package Analysis project identified 'eslint-plugin-indeed' @ 99.99.9 (npm) as malicious. It is considered malicious because: - The...

7.1 AI Score

2023-05-01 02:25 AM
3
Total number of security vulnerabilities: 105331