nes

Denial of Service in nes

flatnest Prototype Pollution vulnerability

Malicious code in @voiceflow/nestjs-rate-limit (npm)

AutoUpdater module fails to validate certain nested components of the bundle

@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags

OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

Duplicate Advisory: OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

Malicious code in yamoney-guidelines (npm)

Seroval affected by Denial of Service via Deeply Nested Objects

dojox vulnerable to unescaped string injection

API Admin Auth Weakness in tomato

Parse Server crash via deeply nested query condition operators

Prototype pollution vulnerability in 'libnested'

Prototype Pollution in libnested

Malicious code in business-data (npm)

Malicious code in azure-pipelines-dependency-track (npm)

Open Chinese Convert has Out-of-bounds Write

Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL

JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0

Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

False-positive validity for NFT1 genesis transactions

Malicious code in com.unity.render-pipelines.high-definition-config (npm)

Malicious code in comcast.business.web.ui.trident (npm)

Malicious code in commandlinesage (npm)

Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

Malicious code in dinesh-dev-nagajikkktest11223qa (npm)

SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass

@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template

Malicious code in pug-web-readiness (npm)

Malicious code in @bmw-chris/onlinesession-default-frontend (npm)

Malicious code in facebook-nodejs-business-sdk-tests (npm)

Malicious code in @edwardjones/fetlife-assets (npm)

@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Authentication Weakness in keystone

OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction

Malicious code in cms-businesslogic (npm)

Malicious code in @epc-libraries/kinesis-service (npm)

Malicious code in @linesearch/swiper (npm)

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Uncontrolled Resource Consumption in trim-off-newlines

Malicious code in react-liveness (npm)

h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields

Malicious code in @zitterorg/deserunt-nesciunt (npm)

Malicious code in nesiahanzz (npm)

Prototype pollution in nested-object-assign

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

False-positive validity for NFT1 genesis transactions in SLPJS

Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows

@nestjs/core vulnerable to Information Exposure via StreamableFile pipe

Malicious code in @diotoborg/accusamus-nesciunt (npm)

Solana Pay Vulnerable to Weakness in Transfer Validation Logic

Malicious code in cmp-ocr-liveness-acquisition (npm)

Malicious code in @zitterorg/mollitia-laborum-nesciunt (npm)

smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Malicious code in genesys-richmedia (npm)

Malicious code in @voiceflow/nestjs-timeout (npm)

Malicious code in @diotoborg/dolore-nesciunt (npm)

Malicious code in cms-businesslogic-extensions (npm)

DOMpurify has a nesting-based mXSS

Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables

Malicious code in link-outside-nest (npm)

Malicious code in generate_genesis_values (npm)

OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows

Prototype pollution in nestie

Malicious code in tailwind-lines-clamp (npm)

Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object placement

Nest has a Fastify URL Encoding Middleware Bypass

Insecure randomness in socket.io

TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes

Malicious code in obyte-witness (npm)

Malicious code in react-nesting-example-legacy (npm)

Nest Fastify HEAD Request Middleware Bypass

Malicious code in @voiceflow/nestjs-redis (npm)

Malicious code in set-nested-prop (npm)

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Elliptic's verify function omits uniqueness validation

Malicious code in wellness-expert-ng-gallery (npm)

Malicious code in com.unity.editorcoroutines (npm)

Malicious code in bulldog-e-business (npm)

Malicious code in com.unity.render-pipelines.universal-config (npm)

Malicious code in harness-helm-plugin (npm)

Uncontrolled Resource Consumption in trim-newlines

Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport)

Malicious code in @sbbol/business (npm)

Malicious code in forge-app-bones (npm)

Malicious code in vzyfxaumldnesjor (npm)

Malicious code in possnested (npm)

PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

Malicious code in @stepstone-genesis/components (npm)

minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Malicious code in @exness/select-component-ab (npm)

Malicious code in kubeflow-pipelines (npm)

defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag

Malicious code in @exnessimo/style (npm)

Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Malicious code in import-newlines (npm)

Malicious code in broccolifuknnes (npm)

Malicious code in commandinesrgs (npm)

Malicious code in snyk-azure-pipelines-task (npm)

Malicious code in @diotoborg/nesciunt-ullam (npm)

Malicious code in vite-postcss-nested (npm)

Malicious code in @business_promocode/apply_promocode (npm)

Malicious code in @business_promocode/cancel_promocode (npm)

Malicious code in node-business (npm)

Malicious code in vet-bones (npm)

Malicious code in @lbnqduy11805/reimagined-happiness (npm)

Malicious code in @exnessimus/hooks (npm)

Malicious code in nestjs-translator (npm)

Malicious code in clientcore-onesrv-businesslogic (npm)

Malicious code in clientcore-onesrv-serviceclients (npm)

Malicious code in react-nesting-example-modern (npm)

Malicious code in romanes-eunt-domus-jd-1337 (npm)

Malicious code in helm-harness (npm)

Malicious code in @nestor_hexom/garfield (npm)

Malicious code in icnes (npm)

Malicious code in nestjs-ldap-auth (npm)

Malicious code in nestjs-proxy (npm)

Malicious code in clientcore-catalyst-businesslogic (npm)

Malicious code in @diotoborg/harum-nesciunt-dolores (npm)

Malicious code in pipelines-javascript (npm)

Electron context isolation bypass via nested unserializable return value

Malicious code in adc-harness-state (npm)

Malicious code in @zitterorg/nesciunt-quas (npm)

Malicious code in amazon-kinesis-video-streams-webrtc-sdk-js (npm)

Malicious code in business_api_client (npm)

Malicious code in clientcore-base-businesslogic (npm)

Malicious code in @diotoborg/nesciunt-veniam (npm)

Malicious code in safeness-sb-new (npm)

Malicious code in @diotoborg/quae-nesciunt (npm)

Malicious code in @diotoborg/quis-soluta-nesciunt (npm)

Malicious code in barebones-css (npm)

Malicious code in freekws-devportal-api-client-nestjs (npm)

Malicious code in exnessimo (npm)

Malicious code in safeness-backup (npm)

Malicious code in runkit-engines (npm)

Malicious code in httpness (npm)

Malicious code in genesis-volatility-adapter (npm)

Malicious code in genesys-frontend-facade (npm)

Malicious code in @diotoborg/error-nesciunt-qui (npm)

Malicious code in genshin-impact-free-primogems-and-genesis-crystals-2022 (npm)

Malicious code in kinesis-app-panel (npm)

Malicious code in @zitterorg/itaque-nesciunt-voluptatibus (npm)

Malicious code in valentinesgiftt (npm)

Malicious code in ui-platform-business-elements (npm)

Malicious code in @juiggitea/nesciunt-ut-culpa-ad (npm)

Malicious code in jquery-ui-smoothness (npm)

Malicious code in do-wnload-available-2014-20032-happiness-is-happening-2iby6-rsrcqq (npm)

Malicious code in @voiceflow/nestjs-common (npm)

Malicious code in @voiceflow/nestjs-mongodb (npm)

Malicious code in @zitterorg/similique-nesciunt (npm)

Malicious code in @posthog/kinesis-plugin (npm)

Malicious code in skype4business (npm)

fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters

Malicious code in unescaped (npm)

Malicious code in rxnt-healthchecks-nestjs (npm)

Malicious code in buildkite-pipelines (npm)

Malicious code in nespresso-design-system (npm)

Malicious code in @nestor_hexom/garfield1 (npm)

Malicious code in nest-moralis (npm)

Malicious code in @nestor_hexom/qyxb (npm)