This page collects WhisperX intelligence signals tagged #open source vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security scan has flagged the `optimize-css-assets-webpack-plugin` version 6.0.1 as a vector for five distinct vulnerabilities within the DimaMend/V-Achilles GitHub repository. The most severe flaw carries a CVSS score of 7.5, indicating a high-risk exposure. The vulnerable library is directly integrated int...
A high-severity vulnerability, CVE-2026-4867, has been identified in the widely used Express.js framework version 4.22.1. The flaw, with a CVSS score of 7.5, resides in the `path-to-regexp` dependency, a core library for parsing URL paths. This security gap exposes any application built on this specific version of Expr...
A high-severity vulnerability, CVE-2026-33940, has been detected in the `handlebars-4.7.7.tgz` library, directly exposing a development branch of the Nextcloud project. The vulnerable package was found in the HEAD commit of the `mcaj-git/nextcloud-dev` repository, indicating active integration of a flawed dependency in...
A medium-severity vulnerability in the popular Node.js logging library, log4js-node, leaves sensitive application data exposed by default. The flaw, tracked as CVE-2022-21704, causes log files created by the library's core appenders to be set with world-readable permissions on Unix-like systems. This means any user or ...
A critical security flaw in the popular Sequelize ORM for Node.js has been patched, exposing countless applications to SQL injection attacks. The vulnerability, tracked as CVE-2026-30951, resides in the library's JSON/JSONB `where` clause processing. Specifically, the `_traverseJSON()` function splits JSON path keys on...
Ruby 核心文档工具 RDoc 的 3.12.2 版本被确认存在两个未修复的高危安全漏洞,其中一个 CVSS 评分高达 7.5。这些漏洞直接存在于项目的依赖链中,且官方未提供补丁,迫使开发者自行承担风险或寻找替代方案。 具体漏洞涉及 `rdoc-3.12.2.gem` 本身及其依赖的 `json-1.8.6.gem`。CVE-2020-10663 影响 `json` 库,CVSS 评分为 7.5,被标记为高危。CVE-2021-31799 则直接影响 `rdoc` 库,CVSS 评分为 7.0,同样为高危。安全扫描报告明确指出,这两个漏洞均无官方修复版本可用,修复状态为“不可用”。这意味着依赖此版本 RDoc 的 Ruby 项目...
一个被标记为高严重性(High Severity)的漏洞 CVE-2026-24400 已在流行的 Java 测试库 AssertJ Core 的 3.22.0 版本中被检测到。该漏洞直接存在于核心 JAR 文件 `assertj-core-3.22.0.jar` 中,该库被广泛用于为 Java 应用程序提供丰富且流畅的断言功能,是开发测试环节的关键依赖。自动化安全扫描已在项目依赖路径中多次定位到该易受攻击的库文件,表明其可能已通过 Maven 中央仓库等渠道被集成到多个下游项目中。 此次漏洞的直接影响范围尚不完全明确,但鉴于 AssertJ 在 Java 开发社区中的广泛采用,其潜在风险不容小觑。扫描报告显示,漏洞库文件存在于 ...