Malicious code in gql2ts-from-schema (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (7a1acee750c796d45e602f027ea638a05590a78bb142aca903bfb2bb169466a6) The OpenSSF Package Analysis project identified 'gql2ts-from-schema' @ 2.1.1 (npm) as malicious. It is considered malicious because: - The package.....
7.1AI Score
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...
8.7CVSS
5.8AI Score
0.0004EPSS
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...
7.5CVSS
6.8AI Score
0.001EPSS
SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another...
6.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through...
6.3CVSS
7.2AI Score
0.0004EPSS
Malicious code in eslint-plugin-indeed (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0) The OpenSSF Package Analysis project identified 'eslint-plugin-indeed' @ 99.99.9 (npm) as malicious. It is considered malicious because: - The...
7.1AI Score
Malicious code in test-test-test-leys-check (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a0f1b447a06ae8cd034c08db769374bbc319460cc98a553bfc472d87ca1ef6cc) The OpenSSF Package Analysis project identified 'test-test-test-leys-check' @ 9.9.9 (pypi) as malicious. It is considered malicious because: - The.....
7.1AI Score
Malicious code in fing-react-components (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4e606602dc2c4b6d0550d90156a68cf31799054412bac90062d266e5bcad3d76) The OpenSSF Package Analysis project identified 'fing-react-components' @ 1.15.0 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
Malicious code in @wdp-gov/catalog-serialization-engine (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (279671687dd3fcc407084cb5aeaab3c707cf47164e8b81c3f1665b61ce19dfd9) The OpenSSF Package Analysis project identified '@wdp-gov/catalog-serialization-engine' @ 3.0.195 (npm) as malicious. It is considered malicious...
7.1AI Score
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...
8.7CVSS
5.7AI Score
0.0004EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit...
8.7CVSS
5.4AI Score
0.0004EPSS
Malicious code in api-code-capture-chrome-extension (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (f1e44f89c4e3876559f46852c9a652c510df9384be3ffd0180e36f9fd64e8cfe) The OpenSSF Package Analysis project identified 'api-code-capture-chrome-extension' @ 20.0.1 (npm) as malicious. It is considered malicious...
7.1AI Score
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members...
5.3CVSS
6.4AI Score
0.0005EPSS
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to....
8.8CVSS
8.9AI Score
0.003EPSS
Exploit for Improper Input Validation in Microsoft
About CVE-2024-30078 and the Corresponding KB Update...
8.3AI Score
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 8.2.x prior to 8.6.0. It is, therefore, affected by an information disclosure vulnerability due to improper authorization checks. An authenticated, remote attacker can exploit...
4.3CVSS
4.6AI Score
0.001EPSS
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project...
7.8CVSS
7.8AI Score
0.001EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members...
5.3CVSS
6.6AI Score
0.0005EPSS
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated......
5.3CVSS
6.5AI Score
0.002EPSS
Denial of service due to malicious parameters in github.com/lestrrat-go/jwx
The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its purpose is to intentionally slow down the key derivation function, making password...
5.3CVSS
7.2AI Score
0.0005EPSS
lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called...
5.3CVSS
5.2AI Score
0.0005EPSS
Malicious code in twentynineteen (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (41e718fa7d54fba600dedc033d1d1c93b282fdae82403869bf77c53363acf842) The OpenSSF Package Analysis project identified 'twentynineteen' @ 2.5.1 (npm) as malicious. It is considered malicious because: The package...
7AI Score
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (b402206ef266d63280b9361618b5ece377520d29080572d05c4a7dd0010f1e54) The OpenSSF Package Analysis project identified 'itfd' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package communicates...
7.3AI Score
Malicious code in blue-oval-theme (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (c708f4696b33e43ba9ca5b70bafa9ac82b1ee694df0caa84f7283885ff8d5544) The OpenSSF Package Analysis project identified 'blue-oval-theme' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
5.7AI Score
0.0004EPSS
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
6.6AI Score
0.0004EPSS
Malicious code in melichat-component-library (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1d7d152708054848a62109924487b7dcacac50e054b19a8682b3b0b26b279e6b) The OpenSSF Package Analysis project identified 'melichat-component-library' @ 1.1.0 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
Malicious code in openstad-component-forms (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ce99b034a6f67b0bd613755012e00352d254a5b438c7d65a687a2e2e2458cd7e) The OpenSSF Package Analysis project identified 'openstad-component-forms' @ 1.0.0 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed...
7.5CVSS
7AI Score
0.001EPSS
Animated AL List <= 1.0.6 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6AI Score
0.0004EPSS
Malicious code in iobeya-time-utils (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5cc94a15fd9feb4f7fd5146415061bfe386fd2d185f1e0d80fc3ecd40ce7adb2) The OpenSSF Package Analysis project identified 'iobeya-time-utils' @ 3.0.0 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
Malicious code in storefront-h5-sdk (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3bdecd59d5667e506fd4f66d29c575454020e37384211ce8a27e463cd6971298) The OpenSSF Package Analysis project identified 'storefront-h5-sdk' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
Malicious code in donuts.node-build (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (6b8d6fee5827de9688cc9b83812dc32e54e33531a0bd2fd179dc3e2935564dc7) The OpenSSF Package Analysis project identified 'donuts.node-build' @ 99.99.104 (npm) as malicious. It is considered malicious because: - The...
7.3AI Score
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. Notes Author| Note ---|--- | Priority reason: Low...
4.3CVSS
6.5AI Score
0.0004EPSS
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability......
9.8CVSS
7.6AI Score
0.002EPSS
Malicious code in parallel-workers (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (abf4ac32d4bbbf2bca51efed2166f670c707230f7da2b87c1318cbe8ca9dade1) The OpenSSF Package Analysis project identified 'parallel-workers' @ 99.99.101 (npm) as malicious. It is considered malicious because: - The...
7.3AI Score
Malicious code in odyssey-lint-staged (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0b408f794010d1926bb9841d26fd28c91c97d8f11d71acea664c92ccb5a06a54) The OpenSSF Package Analysis project identified 'odyssey-lint-staged' @ 9.9.5 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
Malicious code in mesbah-unclaim (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (263dd8e3a7c219627fe6ca196c18bb5262996c68f086fd118d74caec6e06aee1) The OpenSSF Package Analysis project identified 'mesbah-unclaim' @ 2.0.0 (npm) as malicious. It is considered malicious because: - The package...
7.3AI Score
Malicious code in draconianspeed (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (b1212e40bb57fce7672f50431153645b13624cc1e2061b44c0b91fec275e7853) The OpenSSF Package Analysis project identified 'draconianspeed' @ 5.0.0 (npm) as malicious. It is considered malicious because: The package...
7.4AI Score
Malicious code in webquickauth (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e838cec17c1006b567e2a70f9554fd2a040c9fb0cfdf8d753e81548c1ea02c49) The OpenSSF Package Analysis project identified 'webquickauth' @ 2.3.5 (pypi) as malicious. It is considered malicious because: The package...
7.4AI Score
[SECURITY] Fedora 40 Update: libopenmpt-0.7.8-1.fc40
libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...
7.4AI Score
[SECURITY] Fedora 39 Update: libopenmpt-0.7.8-1.fc39
libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...
7.4AI Score
Malicious code in @yu-life/yulife-bdd-framework (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8dfe091de922cc251578223955b74b56ade98fa67b719bcaa584d3403602f992) The OpenSSF Package Analysis project identified '@yu-life/yulife-bdd-framework' @ 0.0.72 (npm) as malicious. It is considered malicious because: ...
7.3AI Score
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data...
6.3CVSS
6.4AI Score
0.001EPSS
Malicious code in internal-udfc-pkg (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650) The OpenSSF Package Analysis project identified 'internal-udfc-pkg' @ 5.5.5 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this...
8.8CVSS
9AI Score
0.003EPSS
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and....
8.8CVSS
8.6AI Score
0.001EPSS
Malicious code in quickwebbasicauth (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e8ebea7be43f522c7fd45c4793bcac3b33c5ffafa2dc9ea3e0f28657bc650819) The OpenSSF Package Analysis project identified 'quickwebbasicauth' @ 2.3.2 (pypi) as malicious. It is considered malicious because: The package...
7.4AI Score
Malicious code in @wdpx/themes (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (027f3f6ecca8b2d2bd6a4d8c6b358eb1ea8ea1f094cfe3d2606095b6b17d822f) The OpenSSF Package Analysis project identified '@wdpx/themes' @ 3.0.2 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
Malicious code in new-pro-anu (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0b55891b547000b2110259388d7a21b3400ccd5815214318ed92c74acd78bf3c) The OpenSSF Package Analysis project identified 'new-pro-anu' @ 1.2.8 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score