This page collects WhisperX intelligence signals tagged #dependency-vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A security vulnerability in the Axios HTTP client library could allow attackers to escalate a Prototype Pollution flaw in third-party dependencies into Remote Code Execution (RCE) or full cloud environment compromise. The flaw affects all versions prior to 1.15.0 and 0.3.1, exposing applications that rely on this widel...
A security scanner has flagged a critical vulnerability in a non-standard Kibana repository containing the AWS Bedrock client library. The client-bedrock-runtime-3.687.0.tgz package harbors eight distinct vulnerabilities, with the highest reaching a CVSS score of 9.8—placing it in the critical severity range. The expos...
A maximum-severity vulnerability has been identified in nextra-theme-docs, a widely deployed documentation framework built on Next.js. Tracked as CVE-2025-55182 with a CVSS score of 10.0, the flaw affects the next-15.5.4.tgz dependency and carries a high exploit maturity rating, placing organizations running this stack...
A HIGH severity SQL injection vulnerability in Drizzle ORM versions prior to 0.45.2 has surfaced within the Booster-AI project, triggering an urgent dependency audit and blocking the CI pipeline's security gate. The flaw, catalogued as GHSA-gpj5-g38j-94v9, stems from improperly escaped SQL identifiers and was uncovered...
Two critical security vulnerabilities have been addressed in a backport patch targeting core dependencies across the frontend, Java extensions, and filesystem broker components. The fixes resolve CVE-2026-42198 and CVE-2026-5598, both of which expose systems to serious attack vectors—one enabling denial-of-service, the...