dellalibera - Overview
| # | CVE | Advisory | Vulnerability | Project | Language |
|---|-----|----------|---------------|---------|----------|
| 123 | | | Path Traversal | esbuild | JavaScript |
| 122 | | | Unsafe Deserialization | org.deeplearning4j:deeplearning4j (ML Library) | Java |
| 121 | CVE-2025-69256 | GHSA-rwc2-f344-q6w6 | Command Injection / RCE | serverless (MCP Server) | JavaScript |
| 120 | | | Command Injection / RCE | port-kill-mcp | JavaScript |
| 119 | CVE-2025-61785 | GHSA-vg2r-rmgp-cgqj | Permission Model Bypass | deno | Rust |
| 118 | CVE-2025-61786 | GHSA-qq26-84mh-26j9 | Permission Model Bypass | deno | Rust |
| 117 | CVE-2025-53967 | GHSA-gxw4-4fc5-9gr5 | Command Injection / RCE | figma-developer-mcp | JavaScript |
| 116 | CVE-2025-55152 | GHSA-r3v7-pc4g-7xp9 | Regular Expression Denial of Service (ReDoS) | @oakserver/oak | JavaScript |
| 115 | CVE-2025-54798 | GHSA-52f5-9888-hmc6 | Arbitrary temporary file / directory write | tmp | JavaScript |
| 114 | CVE-2025-54387 | GHSA-mm3p-j368-7jcr | Path Traversal | ipx | JavaScript |
| 113 | CVE-2025-53832 | GHSA-xj5p-8h7g-76m7 | Command Injection / RCE | @translated/lara-mcp | JavaScript |
| 112 | CVE-2025-54073 | GHSA-vf9j-h32g-2764 | Command Injection / RCE | mcp-package-docs | JavaScript |
| 111 | CVE-2025-53355 | GHSA-gjv4-ghm7-q58q | Command Injection / RCE | mcp-server-kubernetes | JavaScript |
| 110 | CVE-2025-53372 | GHSA-5w57-2ccq-8w95 | Command Injection / RCE | node-code-sandbox-mcp | JavaScript |
| 109 | CVE-2025-53107 | GHSA-3q26-f695-pp76 | Command Injection / RCE | @cyanheads/git-mcp-server | JavaScript |
| 108 | | | Denial of Service (DoS) | image-size | JavaScript |
| 107 | | | Stored Cross-Site Scripting (XSS) | @saltcorn/server | JavaScript |
| 106 | CVE-2024-47818 | GHSA-43f3-h63w-p6f6 | Path Traversal | @saltcorn/server | JavaScript |
| 105 | | | RCE/SQLi via Prototype Pollution | @saltcorn/server | JavaScript |
| 104 | | | Remote Code Execution (RCE) | @saltcorn/plugins-loader | JavaScript |
| 103 | | | Path Traversal | @saltcorn/server | JavaScript |
| 102 | | | Exposure of Information Through Directory Listing | @saltcorn/server | JavaScript |
| 101 | | | Denial of Service (DoS) | speaker | JavaScript |
| 100 | | | Buffer Overflow | node-twain | JavaScript |
| 99 | | | Out-of-bounds Read | node-stringbuilder | JavaScript |
| 98 | | | Denial of Service (DoS) | images | JavaScript |
| 97 | | | Improper Validation of Array Index | audify | JavaScript |
| 96 | | | Denial of Service (DoS) | @discordjs/opus | JavaScript |
| 95 | | | Command Injection | hashicorp/go-getter | Go |
| 94 | | | CRLF Injection | libhv | C/C++ |
| 93 | | | HTTP Response Splitting | libhv | C/C++ |
| 92 | | | Cross-Site Scripting (XSS) | libhv | C/C++ |
| 91 | | | HTTP Response Splitting | Crow | C/C++ |
| 90 | | | CRLF Injection | drogon | C/C++ |
| 89 | | | HTTP Response Splitting | drogon | C/C++ |
| 88 | | | Regular Expression Denial of Service (ReDoS) | semver | JavaScript |
| 87 | | | Cross-Site Scripting (XSS) | xyproto/algernon | Go |
| 86 | | | CRLF Injection | cpp-httplib | C/C++ |
| 85 | | | Cross-Site Scripting (XSS) | grafana/grafana-json-datasource | JavaScript |
| 84 | | | Regular Expression Denial of Service (ReDoS) | deno | Rust |
| 83 | | | CRLF Injection | async-http-client | Swift |
| 82 | | | CRLF Injection | apple/swift-corelibs-foundation | Swift |
| 81 | | | HTTP Response Splitting | apple/swift-nio | Swift |
| 80 | | | Command Injection | cookiecutter | Python |
| 79 | | | Command Injection | hashicorp/go-getter | Go |
| 78 | | | Prototype Pollution | protobufjs | JavaScript |
| 77 | | | Command Injection | workspace-tools | JavaScript |
| 76 | | | Prototype Pollution | convict | JavaScript |
| 75 | | | Remote Code Execution (RCE) | gocd | Java |
| 74 | | | Prototype Pollution | dexie | JavaScript |
| 73 | | | Cross-Site Scripting (XSS) | whoogle-search | Python |
| 72 | | | Command Injection | czproject/git-php | PHP |
| 71 | | | Command Injection | git | Ruby |
| 70 | | | Remote Code Execution (RCE) | ungit | JavaScript |
| 69 | | | Command Injection | cocoapods-downloader | Ruby |
| 68 | | | Command Injection | simple-git | JavaScript |
| 67 | | | Remote Code Execution (RCE) | Weblate | Python |
| 66 | | | Prototype Pollution | nconf | JavaScript |
| 65 | | | Command Injection | Masterminds/vcs | Go |
| 64 | | | Command Injection | cocoapods-downloader | Ruby |
| 63 | | | Command Injection | libvcs | Python |
| 62 | | | Remote Code Execution (RCE) | mozilla/pontoon | Python |
| 61 | | | Prototype Pollution | json-pointer | JavaScript |
| 60 | | | Prototype Pollution | jsonpointer | JavaScript |
| 59 | | | Cross-Site Scripting (XSS) | tempura | JavaScript |
| 58 | | | Prototype Pollution | litespeed.js | JavaScript |
| 58 | | | Prototype Pollution | appwrite/server-ce | JavaScript |
| 57 | | | Prototype Pollution | dotty | JavaScript |
| 56 | | | Denial of Service (DoS) | fastify-multipart | JavaScript |
| 55 | | | Prototype Pollution | json-ptr | JavaScript |
| 54 | | | Cross-Site Scripting (XSS) | bootstrap-table | JavaScript |
| 53 | | | Cross-Site Scripting (XSS) | teddy | JavaScript |
| 52 | | | Cross-Site Scripting (XSS) | datatables.net | JavaScript |
| 51 | | | Prototype Pollution | jointjs | JavaScript |
| 50 | | | Cross-Site Scripting (XSS) | edge.js | JavaScript |
| 49 | | | Prototype Pollution | set-value | JavaScript |
| 48 | | | Prototype Pollution | mpath | JavaScript |
| 47 | | | Prototype Pollution | immer | JavaScript |
| 46 | | | Prototype Pollution | object-path | JavaScript |
| 45 | | | Arbitrary Code Execution | total4 | JavaScript |
| 44 | | | Arbitrary Code Execution | total.js | JavaScript |
| 43 | | | Arbitrary Code Execution | underscore | JavaScript |
| 42 | | | Command Injection | madge | JavaScript |
| 41 | | | LDAP Injection | is-user-valid | JavaScript |
| 40 | | | Command Injection | devcert | JavaScript |
| 39 | | | Prototype Pollution | mout | JavaScript |
| 38 | | | Command Injection | node-notifier | JavaScript |
| 37 | | | Arbitrary Code Execution | jsen | JavaScript |
| 36 | | | Prototype Pollution | doc-path | JavaScript |
| 35 | | | Prototype Pollution | json8 | JavaScript |
| 34 | | | Prototype Pollution | json-ptr | JavaScript |
| 33 | | | Prototype Pollution | chart.js | JavaScript |
| 32 | | | Prototype Pollution | mathjs | JavaScript |
| 31 | | | Prototype Pollution | simpl-schema | JavaScript |
| 30 | | | Prototype Pollution | merge | JavaScript |
| 29 | | | Prototype Pollution | total.js | JavaScript |
| 28 | | | Command Injection | total.js | JavaScript |
| 27 | | | Prototype Pollution | jointjs | JavaScript |
| 26 | | | Prototype Pollution | gsap | JavaScript |
| 25 | | | Prototype Pollution | immer | JavaScript |
| 24 | | | Arbitrary Code Execution | djv | JavaScript |
| 23 | | | Prototype Pollution | datatables.net | JavaScript |
| 22 | | | Prototype Pollution | js-data | JavaScript |
| 21 | | | Prototype Pollution | style-dictionary | JavaScript |
| 20 | | | Prototype Pollution | highcharts | JavaScript |
| 19 | | | Prototype Pollution | jiff | JavaScript |
| 18 | | | Prototype Pollution | i18next | JavaScript |
| 17 | | | Unsafe Deserialization | props | JavaScript |
| 16 | | | Prototype Pollution | @firebase/util | JavaScript |
| 15 | | | LDAP Injection | meemo-app | JavaScript |
| 14 | | | LDAP Injection | cloudron-surfer | JavaScript |
| 13 | | | Command Injection | wireguard-wrapper | JavaScript |
| 12 | | | Prototype Pollution | plain-object-merge | JavaScript |
| 11 | | | Prototype Pollution | extend-merge | JavaScript |
| 10 | | | Command Injection | gfc | JavaScript |
| 9 | | | Command Injection | diskstats | JavaScript |
| 8 | | | Prototype Pollution | objtools | JavaScript |
| 7 | | | Prototype Pollution | keyd | JavaScript |
| 6 | | | Cross-Site Scripting (XSS) | flsaba | JavaScript |
| 5 | | | Command Injection | extra-asciinema | JavaScript |
| 4 | | | Command Injection | vboxmanage.js | JavaScript |
| 3 | | | Command Injection | extra-ffmpeg | JavaScript |
| 2 | | | Prototype Pollution | object-path-set | JavaScript |
| 1 | | | Command Injection | xps | JavaScript |