Search CVE reports
1 – 10 of 30778 results
CVE-2025-48175
Medium priority
Not in release
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
1 affected package
libavif
Package | 20.04 LTS |
---|---|
libavif | Not in release |
CVE-2025-48174
Medium priority
Not in release
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
1 affected package
libavif
Package | 20.04 LTS |
---|---|
libavif | Not in release |
CVE-2025-48050
Medium priority
Not in release
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory.
1 affected package
node-dompurify
Package | 20.04 LTS |
---|---|
node-dompurify | Not in release |
CVE-2025-47928
Medium priority
Not in release
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by checking out the head.sha of a...
1 affected package
spotipy
Package | 20.04 LTS |
---|---|
spotipy | Not in release |
CVE-2025-47287
Medium priority
Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows...
1 affected package
python-tornado
Package | 20.04 LTS |
---|---|
python-tornado | Needs evaluation |
CVE-2025-47279
Medium priority
Not in release
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate,...
1 affected package
node-undici
Package | 20.04 LTS |
---|---|
node-undici | Not in release |
CVE-2025-4516
Medium priority
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may...
12 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 20.04 LTS |
---|---|
python2.7 | Needs evaluation |
python3.10 | Not in release |
python3.11 | Not in release |
python3.12 | Not in release |
python3.13 | Not in release |
python3.14 | Not in release |
python3.4 | Not in release |
python3.5 | Not in release |
python3.6 | Not in release |
python3.7 | Not in release |
python3.8 | Needs evaluation |
python3.9 | Needs evaluation |
CVE-2025-4123
Medium priority
Not in release
[Unknown description]
1 affected package
grafana
Package | 20.04 LTS |
---|---|
grafana | Not in release |
CVE-2025-1647
Medium priority
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0.
1 affected package
twitter-bootstrap3
Package | 20.04 LTS |
---|---|
twitter-bootstrap3 | Needs evaluation |
CVE-2025-46836
Medium priority
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. In versions up to and including 2.10, the Linux network utilities (like ifconfig) from...
1 affected package
net-tools
Package | 20.04 LTS |
---|---|
net-tools | Vulnerable |