Bugs with TODO items

Bug | Description | Note
--- | --- | ---
CVE-2009-20005 | A stack-based buffer overflow exists in the UtilConfigHome.csp endpoin ... | check
CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client
CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded in icinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path
CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected
CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook?
CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook?
CVE-2025-0419 | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... | check
CVE-2025-0420 | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... | check
CVE-2025-0546 | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... | check
CVE-2025-0879 | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... | check
CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced
CVE-2025-4690 | A regular expression used by AngularJS' linky https://docs.angularjs.o ... | check
CVE-2025-4953 | A flaw was found in Podman. In a Containerfile or Podman, data written ... | check details
CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security-wise rspamd, which embeds libucl and uses it at compile time
CVE-2025-8077 | A vulnerability exists in NeuVector versions up to and including 5.4.5 ... | check
CVE-2025-8411 | Improper Neutralization of Input During Web Page Generation (XSS or 'C ... | check
CVE-2025-8463 | Authorization Bypass Through User-Controlled Key vulnerability in Nebu ... | check
CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead
CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check if RedHat specific incomplete fix for CVE-2025-6020
CVE-2025-9708 | A vulnerability exists in the Kubernetes C# client where the certifica ... | check
CVE-2025-9862 | Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an at ... | check
CVE-2025-10155 | An Improper Input Validation vulnerability in the scanning logic of mm ... | check
CVE-2025-10156 | An Improper Handling of Exceptional Conditions vulnerability in the ZI ... | check
CVE-2025-10157 | A Protection Mechanism Failure vulnerability in mmaitre314 picklescan ... | check
CVE-2025-10290 | Opening links via the contextual menu in Focus iOS for certain URL sch ... | check
CVE-2025-10439 | Improper Neutralization of Special Elements used in an SQL Command ('S ... | check
CVE-2025-10492 | A Java deserialisation vulnerability has been discovered in Jaspersoft ... | check
CVE-2025-10592 | A security vulnerability has been detected in itsourcecode Online Publ ... | check
CVE-2025-10597 | A vulnerability was determined in kidaze CourseSelectionSystem up to 4 ... | check
CVE-2025-10615 | A vulnerability was identified in itsourcecode E-Commerce Website 1.0. ... | check
CVE-2025-35430 | CISA Thorium does not adequately validate the paths of downloaded file ... | check
CVE-2025-35431 | CISA Thorium does not escape user controlled strings used in LDAP quer ... | check
CVE-2025-35432 | CISA Thorium does not rate limit requests to send account verification ... | check
CVE-2025-35433 | CISA Thorium does not properly invalidate previously used tokens when ... | check
CVE-2025-35434 | CISA Thorium does not validate TLS certificates when connecting to Ela ... | check
CVE-2025-35435 | CISA Thorium accepts a stream split size of zero then divides by this ... | check
CVE-2025-35436 | CISA Thorium uses '.unwrap()' to handle errors related to account veri ... | check
CVE-2025-43960 | Adminer 4.8.1, when using Monolog for logging, allows a Denial of Serv ... | check, does not seem to be fixed in 4.8.2 and later versions
CVE-2025-45091 | Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable ... | check
CVE-2025-50709 | An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sen ... | check
CVE-2025-53884 | NeuVector stores user passwords and API keys using a simple, unsalted ... | check
CVE-2025-54467 | When a Java command with password parameters is executed and terminate ... | check
CVE-2025-55904 | Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b646 ... | check
CVE-2025-56648 | npm parcel 2.0.0-alpha and before has an Origin Validation Error vulne ... | check
CVE-2025-57055 | WonderCMS 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) in ... | check
CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check
CVE-2025-58431 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ... | check
CVE-2025-58432 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ... | check
CVE-2025-58766 | Dyad is a local AI app builder. A critical security vulnerability has ... | check
CVE-2025-58767 | REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 h ... | check
CVE-2025-59304 | A directory traversal issue in Swetrix Web Analytics API 3.1.1 before ... | check
CVE-2025-59339 | The Bastion provides authentication, authorization, traceability and a ... | check
CVE-2025-59340 | jinjava is a Java-based template engine based on django template synta ... | check
CVE-2025-59341 | esm.sh is a nobuild content delivery network(CDN) for modern web devel ... | check
CVE-2025-59342 | esm.sh is a nobuild content delivery network(CDN) for modern web devel ... | check
CVE-2025-59345 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59346 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59347 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59348 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59349 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59350 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59351 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59352 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59353 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59354 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59410 | Dragonfly is an open source P2P-based file distribution and image acce ... | check
CVE-2025-59414 | Nuxt is an open-source web development framework for Vue.js. Prior to ... | check
CVE-2025-59416 | The Scratch Channel is a news website. If the user makes a fork, they ... | check
CVE-2025-59437 | The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ... | check details
