Vulmon
schema project schema vulnerabilities and exploits
3.5
CVSSv2
CVE-2022-33154
The schema (aka Embedding schema.org vocabulary) extension prior to 1.13.1 and 2.x prior to 2.5.1 for TYPO3 allows XSS.
Schema Project Schema
7.5
CVSSv2
CVE-2019-10781
In schema-inspector prior to 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.
Schema-inspector Project Schema-inspector
5
CVSSv2
CVE-2020-7742
This affects the package simpl-schema prior to 1.10.2.
Simpl-schema Project Simpl-schema
7.5
CVSSv2
CVE-2021-3918
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Json-schema Project Json-schema
Debian Debian Linux 10.0
3 Github repositories
5
CVSSv2
CVE-2021-21267
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...
Schema-inspector Project Schema-inspector
Netapp Oncommand Insight -
Netapp E-series Performance Analyzer -
5
CVSSv2
CVE-2021-31671
pgsync prior to 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.
Pgsync Project Pgsync
6.5
CVSSv2
CVE-2020-7777
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is a...
Jsen Project Jsen
4
CVSSv2
CVE-2016-0767
PostgreSQL PL/Java prior to 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.
Pl/java Project Pl/java
5
CVSSv2
CVE-2018-17175
In the marshmallow library prior to 2.15.1 and 3.x prior to 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema...
Marshmallow Project Marshmallow
4 Github repositories
10
CVSSv2
CVE-2020-28464
This affects the package djv prior to 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Djv Project Djv