Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-9jpj-g8vv-j5mf
  • npm/openclaw
OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter 22 hours ago
  • Fix available
  • Severity - 7.0 (High)
GHSA-737v-mqg7-c878
  • npm/defu
defu: Prototype pollution via `__proto__` key in defaults argument 22 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-38hg-ww64-rrwc
  • npm/directus
Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries 22 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-6q22-g298-grjh
  • npm/directus
Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver 22 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-ph52-67fq-75wj
  • npm/directus
Directus: GraphQL Alias Amplification Denial of Service Due to Missing Query Cost/Complexity Limits 22 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-mvv8-v4jj-g47j
  • npm/directus
Directus: Sensitive fields exposed in revision history 22 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-qqmv-5p3g-px89
  • npm/directus
Directus: TUS Upload Authorization Bypass Allows Arbitrary File Overwrite 22 hours ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-wv3h-5fx7-966h
  • npm/directus
Directus: SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import 22 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-wxwm-3fxv-mrvx
  • npm/directus
Directus: GraphQL Schema SDL Disclosure Setting 22 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cf45-hxwj-4cfj
  • npm/directus
Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow 22 hours ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-q75c-4gmv-mg9x
  • npm/directus
Directus: Open Redirect in Admin 2FA Setup Page 22 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-393c-p46r-7c95
  • npm/directus
Directus: Path Traversal and Broken Access Control in File Management API 22 hours ago
  • Fix available
  • Severity - 8.5 (High)
GHSA-8m32-p958-jg99
  • npm/directus
Directus: Missing Cross-Origin Opener Policy 22 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-fcm4-4pj2-m5hf
  • npm/@budibase/server
Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step 22 hours ago
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-2wfh-rcwf-wh23
  • npm/@budibase/server
Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write 22 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-5qhv-x9j4-c3vm
  • npm/@mobilenext/mobile-mcp
@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url 23 hours ago
  • Fix available
  • Severity - 8.3 (High)