Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-6qh5-m6g3-xhq6 | npm/parse-server | Parse Server LiveQuery subscription query depth bypass | 3 hours ago | Fix available; Severity 8.2 (High) |
| GHSA-9fjp-q3c4-6w3j | npm/parse-server | Parse Server has a query condition depth bypass via pre-validation transform pipeline | 4 hours ago | Fix available; Severity 8.7 (High) |
| GHSA-4hxc-9384-m385 | npm/h3 | h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix) | 4 hours ago | Fix available; Severity 5.3 (Medium) |
| GHSA-2j6q-whv2-gh6w | npm/h3 | h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes | 4 hours ago | Fix available; Severity 3.7 (Low) |
| GHSA-72gr-qfp7-vwhw | npm/h3 | h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e` | 4 hours ago | Fix available; Severity 5.9 (Medium) |
| GHSA-8cpq-38p9-67gx | npm/kysely | Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings | 4 hours ago | Fix available; Severity 8.1 (High) |
| GHSA-fr9j-6mvq-frcv | npm/kysely | Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys | 4 hours ago | Fix available; Severity 8.1 (High) |
| GHSA-qpc3-fg4j-8hgm | npm/parse-server | Parse Server has a protected field change detection oracle via LiveQuery watch parameter | 4 hours ago | Fix available; Severity 6.3 (Medium) |
| GHSA-pgx6-7jcq-2qff | npm/@pdfme/common | PDFME has SSRF via Unvalidated URL Fetch in `getB64BasePdf` When `basePdf` Is Attacker-Controlled | 4 hours ago | Fix available; Severity 6.8 (Medium) |
| GHSA-xgx4-2wgv-4jhm | npm/@pdfme/schemas | PDFME has XSS via Unsanitized i18n Label Injection into innerHTML in multiVariableText propPanel | 4 hours ago | Fix available; Severity 4.4 (Medium) |
| GHSA-vrqm-gvq7-rrwh | npm/@pdfme/pdf-lib | PDFME Affected by Decompression Bomb in FlateDecode Stream Parsing Causes Memory Exhaustion DoS | 4 hours ago | Fix available; Severity 6.5 (Medium) |
| GHSA-fph2-r4qg-9576 | npm/parse-server | Parse Server's LiveQuery bypasses CLP pointer permission enforcement | 4 hours ago | Fix available; Severity 7.1 (High) |
| GHSA-7j2x-32w6-p43p | npm/@dicebear/converter | SVG Dimension Capping Bypass via XML Comment Injection in @dicebear/converter ensureSize() | 4 hours ago | Fix available; Severity 7.5 (High) |
| GHSA-38f7-945m-qr2g | npm/effect | Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC | 4 hours ago | Fix available; Severity 7.4 (High) |
| GHSA-7f6v-3gx7-27q8 | npm/@orpc/openapi | oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify | 8 hours ago | Fix available; Severity 8.2 (High) |
| MAL-2026-2003 | npm/shakti-strings | Malicious code in shakti-strings (npm) | 8 hours ago | No fix available |