📦 GraalVM
by Oracle
🛡️ Security Overview
⚠️ Known Vulnerabilities
Node.js DNS library vulnerability allows remote code execution, XSS, and application crashes due to improper validation of DNS responses. Attackers can inject malicious hostnames leading to domain hij...
The Python ipaddress library incorrectly interprets IP addresses with leading zeros in octets, treating them as octal numbers instead of decimal. This allows attackers to bypass IP-based access contro...
This vulnerability in Oracle Java's JAXP component allows unauthenticated attackers to access sensitive data via network protocols. It affects multiple Java SE and GraalVM versions, particularly impac...
This vulnerability in Oracle Java SE and GraalVM networking components allows unauthenticated attackers with network access to bypass Java sandbox security and access critical data. It primarily affec...
This vulnerability in Oracle Java's 2D component allows an unauthenticated attacker with network access to potentially compromise Java SE, GraalVM for JDK, and GraalVM Enterprise Edition. It primarily...
This vulnerability in Java Secure Socket Extension (JSSE) allows attackers to manipulate or access critical data in Java applications. It affects multiple Oracle Java SE and GraalVM versions and can b...
This Java security vulnerability allows attackers to bypass sandbox protections in client-side Java deployments. It affects Java SE, GraalVM for JDK, and GraalVM Enterprise Edition when running untrus...
This vulnerability in Oracle Java SE and GraalVM allows unauthenticated attackers with network access to modify critical data in Java deployments that run untrusted code, such as sandboxed Java Web St...
This vulnerability in Oracle Java SE and GraalVM Enterprise Edition's JSSE component allows attackers to compromise confidentiality and integrity of data via TLS connections. It affects Java deploymen...
CVE-2022-25647 is a deserialization vulnerability in Google's Gson library versions before 2.8.9. Attackers can exploit the writeReplace() method in internal classes to cause denial of service (DoS) a...
This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated remote attackers to access sensitive data from Java applications. It affects Java deployments running sandbox...
This vulnerability in Oracle Java SE and GraalVM Enterprise Edition allows unauthenticated attackers with network access to modify critical data without authorization. It affects Java deployments runn...
This vulnerability in Node.js allows attackers to bypass certificate name constraints by using arbitrary Subject Alternative Name (SAN) types, particularly URI SANs. It affects Node.js applications th...
This vulnerability in the npm tar package allows attackers to bypass symlink checks by exploiting Unicode normalization and Windows short path behavior. It enables arbitrary file creation/overwrite an...
This vulnerability in @npmcli/arborist allows attackers to write arbitrary files to any location on case-insensitive filesystems by exploiting case-sensitivity conflicts in dependency names. Anyone us...
CVE-2021-22940 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to potentially execute arbitrary code or crash the Node.js process. Th...
The npm tar package before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary file creation/overwrite vulnerability due to insufficient sanitization of absolute paths. Attackers can create or o...
This OpenSSL vulnerability allows certificate chain validation to be bypassed when the X509_V_FLAG_X509_STRICT flag is explicitly set. It affects applications using OpenSSL 1.1.1h-1.1.1j that enable s...
Node.js servers are vulnerable to denial of service attacks when attackers establish numerous connections with unknown protocols, causing file descriptor leaks. This can exhaust system resources, prev...
This vulnerability in Oracle Java SE and GraalVM allows an unauthenticated attacker with network access to potentially modify critical data through difficult-to-exploit attacks. It affects multiple Ja...
This vulnerability in Oracle Java SE and GraalVM's 2D component allows an unauthenticated attacker with network access to potentially compromise Java deployments. It primarily affects clients running ...
This vulnerability in Oracle Java SE's 2D component allows unauthenticated attackers with network access to potentially modify or read some accessible data. It affects multiple Java versions and Graal...