CRITICAL: GHSA-q2f7-m237-v562: @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators — quick heads-up.
Packages: @hulumi/policies
https://npmscan.com/vulnerability/GHSA-q2f7-m237-v562
HIGH: GHSA-4xrh-5m3m-328w: @hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies — quick heads-up.
Packages: @hulumi/policies
https://npmscan.com/vulnerability/GHSA-4xrh-5m3m-328w
HIGH: GHSA-g43v-9x7q-83pq: @hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass — quick heads-up.
Packages: @hulumi/policies
https://npmscan.com/vulnerability/GHSA-g43v-9x7q-83pq
MEDIUM: GHSA-q8mj-m7cp-5q26 (CVE-2026-8723): qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set — quick heads-up.
Packages: qs
https://npmscan.com/vulnerability/GHSA-q8mj-m7cp-5q26
HIGH: GHSA-j3vx-cx2r-pvg8 (CVE-2026-46701): Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret — quick heads-up.
Packages: network-ai
https://npmscan.com/vulnerability/GHSA-j3vx-cx2r-pvg8
HIGH: GHSA-2ffm-hxrq-qqmm: @hulumi/drift: Orphan reconciler accepted externally supplied execute plans — quick heads-up.
Packages: @hulumi/drift
https://npmscan.com/vulnerability/GHSA-2ffm-hxrq-qqmm
MEDIUM: GHSA-gfp8-mp24-5vxg: @hulumi/baseline: CloudTrail selector tampering events were not fully detected — quick heads-up.
Packages: @hulumi/baseline
https://npmscan.com/vulnerability/GHSA-gfp8-mp24-5vxg
LOW: GHSA-f76x-f9vj-92jv (CVE-2026-46554): NocoDB: Stale Auth Cache After API Token Deletion — quick heads-up.
Packages: nocodb
https://npmscan.com/vulnerability/GHSA-f76x-f9vj-92jv
LOW: GHSA-8rwr-f68v-cvw6 (CVE-2026-46553): NocoDB: Attachment Size Limit Bypass via Upload-by-URL — quick heads-up.
Packages: nocodb
https://npmscan.com/vulnerability/GHSA-8rwr-f68v-cvw6
MEDIUM: GHSA-chqv-vrj7-qffp (CVE-2026-46552): NocoDB: Shared-base link access can invite arbitrary users as persistent base members — quick heads-up.
Packages: nocodb
https://npmscan.com/vulnerability/GHSA-chqv-vrj7-qffp
MEDIUM: GHSA-99vc-2jx2-688p (CVE-2026-46551): NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion — quick heads-up.
Packages: nocodb
https://npmscan.com/vulnerability/GHSA-99vc-2jx2-688p
MEDIUM: GHSA-f74w-272x-mqcv (CVE-2026-46550): NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags — quick heads-up.
Packages: nocodb
https://npmscan.com/vulnerability/GHSA-f74w-272x-mqcv
