Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-4j36-39gm-8vq8
  • npm/@oneuptime/common
OneUptime: Synthetic Monitor RCE via exposed Playwright browser object
  • Published yesterday
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-qr2g-p6q7-w82m
  • Go/github.com/coinbase/x402/go
  • PyPI/x402
  • npm/@x402/svm
x402 SDK Security Advisory
  • Published yesterday
  • Fix available
GHSA-6f6w-6j58-rq76
  • npm/shescape
Shescape has possible misidentification of shell due to link chains
  • Published yesterday
  • Fix available
  • Severity - 2.9 (Low)
GHSA-c8m8-3jcr-6rj5
  • npm/@frangoteam/fuxa
FUXA has a hardcoded fallback JWT signing secret
  • Published yesterday
  • Fix available
  • Severity - 8.1 (High)
GHSA-h343-gg57-2q67
  • npm/@oneuptime/common
OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
  • Published yesterday
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-q6wc-xx4m-92fj
  • npm/@powersync/service-core
  • npm/@powersync/service-sync-rules
PowerSync: Some sync filters ignored on 1.20.0 using `config.edition: 3`
  • Published yesterday
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-9cp7-3q5w-j92g
  • npm/parse-server
parse-server: Malformed `$regex` query leaks database error details in API response
  • Published yesterday
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-5f53-522j-j454
  • npm/flowise
Flowise Missing Authentication on NVIDIA NIM Endpoints
  • Published yesterday
  • Fix available
  • Severity - 7.7 (High)
GHSA-cwc3-p92j-g7qm
  • npm/flowise
Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
  • Published yesterday
  • Fix available
  • Severity - 8.8 (High)
GHSA-mq4r-h2gh-qv7x
  • npm/flowise
Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint
  • Published yesterday
  • Fix available
  • Severity - 7.7 (High)
GHSA-j8g8-j7fc-43v6
  • npm/flowise
Flowise has Arbitrary File Upload via MIME Spoofing
  • Published yesterday
  • Fix available
  • Severity - 8.2 (High)
GHSA-wvhq-wp8g-c7vq
  • npm/flowise
Flowise has Authorization Bypass via Spoofed x-request-from Header
  • Published yesterday
  • Fix available
  • Severity - 8.7 (High)
GHSA-m4h2-mjfm-mp55
  • npm/mercurius
Mercurius's queryDepth limit bypassed for WebSocket subscriptions
  • Published yesterday
  • Fix available
  • Severity - 2.7 (Low)
GHSA-79wj-8rqv-jvp5
  • npm/parse-server
parse-server's endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user
  • Published yesterday
  • Fix available
  • Severity - 8.5 (High)
GHSA-xfh7-phr7-gr2x
  • npm/parse-server
parse-server's file creation and deletion bypasses `readOnlyMasterKey` write restriction
  • Published yesterday
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-9r75-g2cr-3h76
  • npm/@workflow/core
  • npm/workflow
Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens
  • Published yesterday
  • Fix available
  • Severity - 5.3 (Medium)