GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, terragrunt, sops, oauth2-proxy, goreleaser, kyverno-policy-reporter, atlantis, ollama, cloudflared, kubernetes-csi-external-resizer, osv-scanner, actions-runner-controller, crossplane-provider-aws, prometheus-operator, nats, istio-cni, rekor,...
7.5AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, terragrunt, sops, oauth2-proxy, goreleaser, kyverno-policy-reporter, atlantis, ollama, cloudflared, kubernetes-csi-external-resizer, osv-scanner, actions-runner-controller, crossplane-provider-aws, prometheus-operator, nats, istio-cni, rekor,...
6.7AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: dask-gateway, prometheus-operator, nri-nginx, nri-mssql, up, nri-nagios, delve, supercronic, crane, cue, esbuild, opentofu, step, task, prometheus-beat-exporter, tigera-operator, keda, ko, cilium, aws-network-policy-agent, containerd, hcloud, gitsign,...
7AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: dask-gateway, prometheus-operator, nri-nginx, nri-mssql, up, nri-nagios, delve, supercronic, crane, cue, esbuild, opentofu, step, task, prometheus-beat-exporter, tigera-operator, keda, ko, cilium, aws-network-policy-agent, containerd, hcloud, gitsign,...
7.5AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: terragrunt, flux-kustomize-controller, sops, gitsign, goreleaser, gitness, actions-runner-controller, crossplane-provider-aws, melange, falco, pulumi-language-dotnet, rclone, pulumi-language-yaml, flux-image-automation-controller, pulumi-language-java, grafana, apko,.....
7.5AI Score
Exploit for Type Confusion in Google Chrome
Chrome Renderer 1day RCE via Type Confusion in Async Stack...
7.7AI Score
0.001EPSS
Malicious code in stablecoin-evm (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...
7.3AI Score
Malicious code in xloportailcfn (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...
7.3AI Score
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....
6.9AI Score
javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the...
6.8AI Score
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (646cbea8c3285f55f7f26b096cd9a63f91fdf4c4b06370aa92226ea3316bebba) The OpenSSF Package Analysis project identified 'drata' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package communicates...
7.1AI Score
Malicious code in numberpy (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e10120613afbbf32d487584c68eaf1ae7f4fc0674f1f119d86beae630a3b9070) The OpenSSF Package Analysis project identified 'numberpy' @ 0.1.0 (pypi) as malicious. It is considered malicious because: The package...
7.1AI Score
CVE-2024-5436 Type Confusion in Snapchat Lenscore
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or...
8AI Score
Malicious code in reqwestss (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1b49654324e091538657038a1288d05e2879c02d73bec38baeae681b0a26f5b9) The OpenSSF Package Analysis project identified 'reqwestss' @ 0.1.0 (pypi) as malicious. It is considered malicious because: The package...
7.1AI Score
Malicious code in pinyin-pra (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (9b8720c87d902e268ccf6e9db13f00285998cf35b280a6851ef9c3c23b3f0d6b) The OpenSSF Package Analysis project identified 'pinyin-pra' @ 1.0.3 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
Heap-buffer-overflow in ubidi_writeReordered_76
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68624 Crash type: Heap-buffer-overflow READ 1 Crash state: ubidi_writeReordered_76...
7.2AI Score
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...
7.5AI Score
Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|---...
7.2AI Score
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser....
7.6AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...
8AI Score
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called...
8.3AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.5AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.4AI Score
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.9AI Score
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.6AI Score
Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7AI Score
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.5AI Score
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
8.2AI Score
Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
6.8AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7AI Score
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.9AI Score
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.4AI Score
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.7AI Score
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.2AI Score
Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
6.6AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.4AI Score
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
Malicious code in cedar-snippet (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...
7.3AI Score
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.5AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
7.9AI Score
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
6.7AI Score
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.2AI Score
Malicious code in nespresso-design-system (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (f0a61baf0ee22e6b01f2b5c503635a1469a88a127abcedb3dfcddbad7c99fcee) The OpenSSF Package Analysis project identified 'nespresso-design-system' @ 99.50.2 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
TYPO3 Cross-Site Scripting vulnerability in typolinks
All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme...
6.7AI Score
Malicious code in test-pen-testers (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (eeac77882c1a0376e4da60196b150d3c704aebc2e1a1188952be218b9d56332a) The OpenSSF Package Analysis project identified 'test-pen-testers' @ 99.1.1 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score