Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-4647-wpjq-hh7f | npm/budibase | Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview | 4 hours ago | No fix available; Severity - 8.7 (High) |
| GHSA-5hmj-jcgp-6hff | npm/parse-server | Parse Server leaks protected fields via LiveQuery afterEvent trigger | 4 hours ago | Fix available; Severity - 8.2 (High) |
| GHSA-mwxc-m426-3f78 | npm/@apostrophecms/import-export | ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction | 4 hours ago | Fix available; Severity - 9.9 (Critical) |
| GHSA-v9xm-ffx2-7h35 | npm/apostrophe | ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware | 4 hours ago | Fix available; Severity - 8.1 (High) |
| GHSA-677m-j7p3-52f9 | npm/socket.io-parser | socket.io allows an unbounded number of binary attachments | 7 hours ago | Fix available; Severity - 8.7 (High) |
| GHSA-g5ph-f57v-mwjc | npm/oneuptime | OneUptime WhatsApp Webhook Missing Signature Verification | 7 hours ago | Fix available; Severity - 8.7 (High) |
| MAL-2026-1576 | npm/chai-as-constrained | Malicious code in chai-as-constrained (npm) | 7 hours ago | No fix available |
| GHSA-gcg3-c5p2-cqgg | npm/oneuptime | OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters | 7 hours ago | Fix available; Severity - 8.1 (High) |
| GHSA-wr4h-v87w-p3r7 | npm/h3 | h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read | 8 hours ago | Fix available; Severity - 5.9 (Medium) |
| GHSA-3vj8-jmxq-cgj5 | npm/h3 | h3 has a middleware bypass with one gadget | 8 hours ago | Fix available; Severity - 7.4 (High) |
| GHSA-26f5-8h2x-34xh | npm/h3 | h3 has an observable timing discrepancy in basic auth utils | 8 hours ago | Fix available; Severity - 5.9 (Medium) |
| GHSA-22cc-p3c6-wpvm | npm/h3 | h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields | 8 hours ago | Fix available; Severity - 7.5 (High) |
| GHSA-87v3-4cfp-cm76 | npm/@pdfme/schemas | Cross-Site Scripting (XSS) via SVG Schema innerHTML Injection in @pdfme/schemas | 8 hours ago | Fix available; Severity - 6.1 (Medium) |
| GHSA-qq9g-96v4-m3cj | npm/@pdfme/schemas | Cross-Site Scripting (XSS) via Select Schema Option Value Injection in @pdfme/schemas | 8 hours ago | Fix available; Severity - 6.1 (Medium) |
| GHSA-8mpm-q7mh-8fvh | npm/@capgo/cli | Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing) | 8 hours ago | Fix available; Severity - 8.6 (High) |
| GHSA-3xm7-qw7j-qc8v | npm/@aborruso/ckan-mcp-server | SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks | 11 hours ago | Fix available; Severity - 5.3 (Medium) |