Vulnerabilities

ID
Packages
Summary
Published
Attributes
CGA-fp68-23h9-4cv5
  • Chainguard/py3.11-prefect-fips
  • Chainguard/py3.12-prefect-fips
  • Chainguard/py3.13-prefect-fips
See record for full details 1 hour ago
  • Fix available
GHSA-8m29-fpq5-89jj
  • crates.io/zebra-script
  • crates.io/zebrad
Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling 1 hour ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-29x4-r6jv-ff4w
  • crates.io/zebra-rpc
  • crates.io/zebrad
Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients 1 hour ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-452v-w3gx-72wg
  • crates.io/zebra-chain
  • crates.io/zebrad
Zebra has rk Identity Point Panic in Transaction Verification 1 hour ago
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-9j88-vvj5-vhgr
  • NuGet/MailKit
MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade 1 hour ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-cjcx-jfp2-f7m2
  • PyPI/pretalx
pretalx vulnerable to stored cross-site scripting in organizer search typeahead 1 hour ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-jm8c-9f3j-4378
  • PyPI/pretalx
pretalx mail templates vulnerable to email injection via unescaped user-controlled placeholders 1 hour ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-xjvp-7243-rg9h
  • Go/charm.land/wish/v2
  • Go/github.com/charmbracelet/wish
Wish has SCP Path Traversal that allows arbitrary file read/write 1 hour ago
  • Fix available
  • Severity - 9.6 (Critical)
GHSA-mjw2-v2hm-wj34
  • PyPI/dagster
  • PyPI/dagster-deltalake
  • PyPI/dagster-duckdb
  • PyPI/dagster-gcp
  • PyPI/dagster-snowflake
  • ... 1 more
Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations 1 hour ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-mph4-q2vm-w2pw
  • Go/github.com/kubernetes-sigs/aws-efs-csi-driver
Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields 1 hour ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-38h3-2333-qx47
  • NuGet/OpenTelemetry.Exporter.Jaeger
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path 1 hour ago
  • No fix available
  • Severity - 5.9 (Medium)
GHSA-f58v-p6j9-24c2
  • Packagist/yeswiki/yeswiki
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() 1 hour ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-6g38-8j4p-j3pr
  • Go/github.com/nhost/nhost
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass 1 hour ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-qrr6-mg7r-m243
  • Packagist/phpunit/phpunit
PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes 1 hour ago
  • Fix available
  • Severity - 7.8 (High)
GHSA-h39g-6x3c-7fq9
  • NuGet/Zio
Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment 1 hour ago
  • Fix available
  • Severity - 3.8 (Low)
GHSA-v38x-c887-992f
  • npm/flowise
  • npm/flowise-components
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability 1 hour ago
  • Fix available
  • Severity - 9.2 (Critical)