schema project schema vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-33154
The schema (aka Embedding schema.org vocabulary) extension prior to 1.13.1 and 2.x prior to 2.5.1 for TYPO3 allows XSS.
Schema Project Schema
9.8
CVSSv3
CVE-2019-10781
In schema-inspector prior to 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.
Schema-inspector Project Schema-inspector
7.5
CVSSv3
CVE-2020-7742
This affects the package simpl-schema prior to 1.10.2.
Simpl-schema Project Simpl-schema
9.8
CVSSv3
CVE-2021-3918
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Json-schema Project Json-schema
Debian Debian Linux 10.0
3 Github repositories
7.5
CVSSv3
CVE-2021-21267
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...
Schema-inspector Project Schema-inspector
Netapp Oncommand Insight -
Netapp E-series Performance Analyzer -
7.5
CVSSv3
CVE-2021-31671
pgsync prior to 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.
Pgsync Project Pgsync
7.2
CVSSv3
CVE-2020-7777
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is a...
Jsen Project Jsen
6.5
CVSSv3
CVE-2016-0767
PostgreSQL PL/Java prior to 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.
Pl/java Project Pl/java
5.3
CVSSv3
CVE-2018-17175
In the marshmallow library prior to 2.15.1 and 3.x prior to 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema...
Marshmallow Project Marshmallow
4 Github repositories
9.8
CVSSv3
CVE-2020-28464
This affects the package djv prior to 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Djv Project Djv