An open index of dependabot pull requests across open source projects.

Security Advisories

Browse security advisories and track which Dependabot PRs address them.

Total Advisories: 24,784
With Dependabot PRs: 1,792
Critical Severity: 3,506
High Severity: 8,617

shared_preferences_android vulnerability
GHSA-3hpf-ff72-j67p LOW 12 months ago
### Impact Due to some data types not being natively representable for the available storage options, shared_preferences_android serializes and des...
pub
No PRs yet
Agent Dart is missing certificate verification checks
GHSA-fmj7-7gfw-64pg CVE-2024-48915 HIGH about 1 year ago
Certificate verification (in [lib/agent/certificate.dart](https://github.com/AstroxNetwork/agent_dart/blob/main/lib/agent/certificate.dart)) has be...
pub
No PRs yet
Serverpod improved security for stored password hashes
GHSA-r75m-26cq-mjxc CVE-2024-29886 MODERATE over 1 year ago
## Description ### Improved security for stored password hashes Serverpod now uses the OWASP, [source](https://cheatsheetseries.owasp.org/cheatshe...
pub
No PRs yet
Serverpod client accepts any certificate
GHSA-h6x7-r5rg-x5fw CVE-2024-29887 HIGH over 1 year ago
This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the `serverpod_client` package, making them susceptible to a m...
pub
No PRs yet
pubnub Insufficient Entropy vulnerability
GHSA-5844-q3fc-56rh CVE-2023-26154 MODERATE almost 2 years ago
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versi...
cargo go maven +6 more
No PRs yet
Path traversal in Archive
GHSA-9v85-q87q-g4vg CVE-2023-39139 HIGH about 2 years ago
An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file.
pub
5 Dependabot PRs, 60% merged
Filename spoofing in archive
GHSA-r285-q736-9v95 CVE-2023-39137 HIGH about 2 years ago
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.
pub
5 Dependabot PRs, 60% merged
dio vulnerable to CRLF injection with HTTP method string
GHSA-9324-jv53-9cc8 CVE-2021-31402 HIGH over 2 years ago
### Impact The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE...
pub
No PRs yet
personnummer/dart vulnerable to Improper Input Validation
GHSA-4xh4-v2pq-jvhm CVE-2023-22963 LOW about 3 years ago
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packag...
pub
No PRs yet
http before 0.13.3 vulnerable to header injection
GHSA-4rgh-jx4f-qfcq CVE-2020-35669 MODERATE over 3 years ago
An issue was discovered in the http package before 0.13.3 for Dart. If the attacker controls the HTTP method and the app is using Request directly,...
pub
No PRs yet