schema project schema vulnerabilities and exploits
5
CVSSv2
CVE-2021-31671
pgsync prior to 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.
Pgsync Project Pgsync
5
CVSSv2
CVE-2021-21267
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...
Schema-inspector Project Schema-inspector
Netapp Oncommand Insight -
Netapp E-series Performance Analyzer -
4.3
CVSSv2
CVE-2021-21238
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 prior to 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML S...
Pysaml2 Project Pysaml2
10
CVSSv2
CVE-2020-28464
This affects the package djv prior to 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Djv Project Djv
5
CVSSv2
CVE-2020-26254
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of O...
Omniauth-apple Project Omniauth-apple
6.5
CVSSv2
CVE-2020-7777
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is a...
Jsen Project Jsen
5
CVSSv2
CVE-2020-7742
This affects the package simpl-schema prior to 1.10.2.
Simpl-schema Project Simpl-schema
7.5
CVSSv2
CVE-2020-10505
The School Manage System prior to 2020, developed by ALLE INFORMATION CO., LTD., contains a SQL injection vulnerability: an attacker can use a union-based injection query string to get the database schema and username/password.
The School Manage System Project The School Manage System -
7.5
CVSSv2
CVE-2019-10781
In schema-inspector prior to 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.
Schema-inspector Project Schema-inspector
5
CVSSv2
CVE-2018-17175
In the marshmallow library prior to 2.15.1 and 3.x prior to 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema...
Marshmallow Project Marshmallow